Hi, I found a SQL injection vulnerability in cat_move.php:
The 'move_categories' method is called when moving the album in '/admin.php?page=cat_move', but the method does not validate and filter the 'selection' and 'parent' parameters, thus causing the vulnerability.
Replace any of the following parameters in POST requests to reproduce the vulnerability:
selection%5B%5D=1)` and if(ascii(substr(database(),1,1))>300,1,sleep(5));%23
or
parent=1 and if(ascii(substr(database(),1,1))>300,1,sleep(5));%23
I use 'sqlmap' to reproduce the vulnerability:
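Added example, not part of the original report and not Piwigo's code: PHP that applies the validation the report says is missing for 'selection' and 'parent', then builds a query whose values are bound rather than concatenated. The function names and the table and column names are hypothetical, and the sample requests are constructed from the values quoted in the report.

```php
<?php
// Added example: hypothetical helpers, not Piwigo's own code.

/** Return $value as a non-negative int, or throw unless it is a plain decimal id. */
function require_id($value): int
{
    // ctype_digit() accepts only 0-9, so quotes, spaces, parentheses
    // and SQL keywords are all rejected before any query is built.
    if (!is_string($value) || !ctype_digit($value) || strlen($value) > 9) {
        throw new InvalidArgumentException('not a numeric id');
    }
    return (int) $value;
}

/** Validate the two fields named in the report: 'selection' (array) and 'parent'. */
function validate_move_request(array $post): array
{
    $selection = $post['selection'] ?? null;
    if (!is_array($selection) || $selection === []) {
        throw new InvalidArgumentException('selection must be a non-empty array');
    }
    $ids = array_values(array_unique(array_map('require_id', $selection)));
    return [$ids, require_id($post['parent'] ?? null)];
}

/** One placeholder per id; values are bound by the driver, never concatenated. */
function build_move_query(array $ids, int $parent): array
{
    $marks = implode(',', array_fill(0, count($ids), '?'));
    // Table and column names are placeholders for illustration.
    $sql = "UPDATE example_categories SET parent_id = ? WHERE id IN ($marks)";
    return [$sql, array_merge([$parent], $ids)];
}

// Constructed requests: one legitimate, two carrying the values from the report.
$payload = 'and if(ascii(substr(database(),1,1))>300,1,sleep(5));#';
$samples = [
    ['selection' => ['3', '7'], 'parent' => '1'],
    ['selection' => ['1)` ' . $payload], 'parent' => '1'],
    ['selection' => ['3'], 'parent' => '1 ' . $payload],
];
foreach ($samples as $post) {
    try {
        [$ids, $parent] = validate_move_request($post);
        [$sql, $params] = build_move_query($ids, $parent);
        echo "accepted: $sql [" . implode(',', $params) . "]\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . $e->getMessage() . "\n";
    }
}
```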