Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Pbootcms SQL injection in api.php #1
The default database is sqlite. For testing convenience, we need to replace the default database with the mysql database.
Authorization code required after installation,We can go to this URL and enter our ip to get the authorization code.
This SQL injection requires background api functionality.
When the api function is enabled in the background, the foreground api will have SQL injection.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18211 has been assigned for this vulnerability.