Analysis:
In the file:https://github.com/h4ckdepy/zzzphp/blob/master/form/index.php line:262
get_json() method supports execution through the getmodule() method and when the value of the $act variable is getjson. At this time, it will get the URL as follows: http://127.0.0.1/zzzphp/form/index.php?module=getjson Post. And in the where parameter, the array can be used to bypass the restriction, and there is no SQL injection filter on the parameter, resulting in SQL injection.
The text was updated successfully, but these errors were encountered:
Injection point: http://127.0.0.1/zzzphp/form/index.php?module=getjson


Send a post request,and payload:
table=gbook&where[]=1=1 union select password from zzz_user&col=1
Analysis:
In the file:https://github.com/h4ckdepy/zzzphp/blob/master/form/index.php line:262
get_json() method supports execution through the getmodule() method and when the value of the $act variable is getjson. At this time, it will get the URL as follows: http://127.0.0.1/zzzphp/form/index.php?module=getjson Post. And in the where parameter, the array can be used to bypass the restriction, and there is no SQL injection filter on the parameter, resulting in SQL injection.
The text was updated successfully, but these errors were encountered: