There is blind SQL injection. Because the database name is "cscms", the string returned by select database() starts with 'C', substr ((select + database()), 1,1) = 'C' is true, and the verification is correct
The text was updated successfully, but these errors were encountered:
Details
there is a Injection vulnerability exists in sys_User.php_level_sort
You can see that success makes the server sleep
Construct payload to guess the database
(case(1)when(ascii(substr((select(database()))from(1)for(1)))=99)then(sleep(5))else(1)end)There is blind SQL injection. Because the database name is "cscms", the string returned by select database() starts with 'C', substr ((select + database()), 1,1) = 'C' is true, and the verification is correct
The text was updated successfully, but these errors were encountered: