漏洞描述
【漏洞对象】最土团购 【漏洞描述】最土团购的call.php文件的num参数存在sql注入,可造成信息数据泄露,攻击者可利用该漏洞执行SQL指令,甚至入侵服务器。
最土团购 call.php-SQL注入
PoC代码
暂无相关漏洞推荐
- 亿赛通电子文档安全管理系统 /CDGServer3/dwr/call/plaincall/JLockSeniorDao.findByLockName.dwr SQL 注入漏洞
- 泛微OA /dwr/call/plaincall/ 权限绕过漏洞
- 万户 ezOFFICE WeiXin!callback.action XXE漏洞
- 畅捷通T+ getdecallusers信息泄露漏洞
- 用友 U8 Cloud /u8cloud/api/hrta/returnleave/callback SQL 注入漏洞
- POC CVE-2024-29882: HTTP API DOM - XSS on JSONP callback
- POC CVE-2024-29868: Apache StreamPipes <= 0.93.0 - Use of Cryptographically Weak PRNG in Recovery Token Generation
- POC CVE-2024-32709: WP-Recall <= 16.26.5 - SQL Injection
- POC CVE-2025-1323: WP-Recall – Plugin <= 16.26.10 - Unauthenticated SQL Injection
- POC cloudfront-compress-object: CloudFront Compress Objects Automatically
- POC eks-logging-kubes-api-calls: Enable CloudTrail Logging for Kubernetes API Calls
- POC call-com-installer: Call.com Setup Page - Exposure
- 圣乔ERP系统 /erp/dwr/call/plaincall/SingleRowQueryConvertor.queryForString.dwr SQL 注入漏洞