Key information summary

Vulnerability name: Basic B2B Script - SQL Injection
EDB-ID: 43074
CVE: CVE-2017-15985
Author: Ihsan Sencan
Type: WEBAPPS
Platform: PHP
Date: 2017-10-30
Vulnerable application: not specified

Related links:
- Vendor Homepage: http://www.phpscriptsmall.com/
- Software Link: http://www.exclusivescript.com/product/nC3F4570353/php-scripts/basic-b2b-script
- Demo: http:// READYMADEb2bscript.com/product/entrepreneur/

Citizenship:
Category: Webapps
Tested on: WiN7_x64/KaLiLinux_x64
CVE: CVE-2017-15985

Description: The vulnerability allows an attacker to inject SQL commands.

Proof of concept:
-
-

Parameters and types:
- pid (GET): AND/OR time-based blind
- id (GET): boolean-based blind, AND/OR time-based blind

Example payloads:
-
-