Background SQL injection

Background SQL injection

![image](https://user-images.githubusercontent.com/20243850/132848621-9018ec4d-66e1-4168-872c-4ae0b8fe2842.png)

Parameter id is not filtered 

![image](https://user-images.githubusercontent.com/20243850/132849489-f70d48c7-8b53-47a7-921f-92e072205b8f.png)

The corresponding url is http://127.0.0.1/app/LKT/index.php?module=member&action=modify&id=1

![image](https://user-images.githubusercontent.com/20243850/132849646-7a76e1d9-0340-4cfe-8bf7-d8710ee357b6.png)

Using sleep function to delay 5 seconds as an example

![image](https://user-images.githubusercontent.com/20243850/132849966-bcd5ec96-d101-478a-8121-3fe8eadb59c4.png)


![image](https://user-images.githubusercontent.com/20243850/132850080-77f61f16-7b4c-4365-a475-2c38130cd5e2.png)


Using sleep function to delay 10 seconds as an example


![image](https://user-images.githubusercontent.com/20243850/132850339-15125f0b-3663-4b00-b858-e300dbb7e283.png)


Get the database through sqlmap

![image](https://user-images.githubusercontent.com/20243850/132851437-bc0df0ed-b486-49f3-98bd-a18e34cc48fd.png)











Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Background SQL injection #12

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development