Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1 matches found

seebug.org
seebug.orgadded 2015/09/28 12:0 a.m.71 views

SunshineCRM v1 /general/ERP/LOGIN/logincheck.php SQL注入漏洞

(0day)郑州单点科技软件有限公司开发的开源软件SunShineCRMv1版存在SQL注入漏洞漏洞分析过程如下:1、 源码分析: SunShineCRM系统登录页面index.php的POST表单action跳转到logincheck.php页面 Logincheck.php页面负责对登录的用户名和密码进行验证,虽然有校验特殊字符的代码,但却并 未过滤和转义这些特殊字符2、 POC过程: 首先检测注入是否存在 然后使用SQLMAP探测目标数据库信息,默认数据库mysql和CRM系统数据库crmmarket sqlmap-u...

7.1AI score
Exploits0
Rows per page
Query Builder