Hello, we found that your project has a SQL injection vulnerability. The details are as follows.
The function point exists in Author Center -> Reader Comments -> Search.

HTTP raw packet
Check the response after sending the packet, and you can see that the database has thrown an exception.
Code audit

According to the function route, we can locate the "sys/apps/controllers/author/comment.php" file. Continuing, let's locate the input of the time parameter. The time parameter will be passed to $wh[] and then spliced into sqlstr, causing SQL injection.
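The pattern the report describes, next to a parameterized form, as an added example that is not part of the original issue and is not the project's code. The table `comment`, the column `addtime`, both function names and the YYYY-MM-DD format of `time` are assumptions made for illustration.

```php
<?php
// Added example, not the project's code: table, column and function names are
// hypothetical, and `time` is assumed to be a YYYY-MM-DD date.

// Shape described in the report: the raw value becomes part of the SQL text.
function buildQueryUnsafe(string $time): string
{
    $wh = [];
    $wh[] = "addtime >= '" . $time . "'";
    return 'SELECT id, text FROM comment WHERE ' . implode(' AND ', $wh);
}

// Hardened shape: validate, keep only placeholders in $wh[], carry data in $params.
function buildQuerySafe(string $time): array
{
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $time);
    if ($d === false || $d->format('Y-m-d') !== $time) {
        throw new InvalidArgumentException('time must be YYYY-MM-DD');
    }
    $wh = ['addtime >= :from', 'addtime < :to'];
    $params = [
        ':from' => $d->format('Y-m-d H:i:s'),
        ':to'   => $d->modify('+1 day')->format('Y-m-d H:i:s'),
    ];
    return ['SELECT id, text FROM comment WHERE ' . implode(' AND ', $wh), $params];
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comment (id INTEGER PRIMARY KEY, text TEXT, addtime TEXT)');
$pdo->exec("INSERT INTO comment (text, addtime) VALUES ('hello', '2024-01-15 12:00:00')");

[$sql, $params] = buildQuerySafe('2024-01-15');
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
echo count($stmt->fetchAll()), " row(s) for a valid date\n";

$bad = "2024-01-15'"; // constructed input containing a stray quote
try {
    $pdo->query(buildQueryUnsafe($bad));
} catch (PDOException $e) {
    echo "unsafe builder: the database raised a syntax error\n";
}
try {
    buildQuerySafe($bad);
} catch (InvalidArgumentException $e) {
    echo "safe builder: value rejected before any SQL was built\n";
}
```

The database error from the unsafe builder corresponds to the exception seen in the response above; with bound parameters the value never reaches the SQL parser as text.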

