CVE-2020-36112 PoC — Projectworlds Online Book Store Project In Php SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-36112.yaml

Associated Vulnerability

Title:Projectworlds Online Book Store Project In Php SQL注入漏洞 (CVE-2020-36112)
Description:Projectworlds Online Book Store Project In Php是奥地利Projectworlds公司的一个基于Php的在线书店系统。 Projectworlds Online Book Store Project In Php 1.0 存在SQL注入漏洞，攻击者可利用该漏洞转储web应用程序运行的整个数据库。

Description

CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database.

File Snapshot


 id: CVE-2020-36112

info:
  name: CSE Bookstore 1.0 - SQL Injection
  author: geeknik
  severity: cr

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!