In search.php,there's a SQL injection vulnerability in parameter,search.This parameter is transmitted using POST,you can use sqlmap to enter the database.
POST /search.php HTTP/1.1
Host: localhost:8082
Connection: keep-alive
Content-Length: 18
Cache-Control: max-age=0
Origin: http://localhost:8082
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: http://localhost:8082/index.php
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: PHPSESSID=h0vvq91s3j8aq77qsjmdbbt8vq
search=111&submit=
The text was updated successfully, but these errors were encountered:
In search.php,there's a SQL injection vulnerability in parameter,search.This parameter is transmitted using POST,you can use sqlmap to enter the database.
The text was updated successfully, but these errors were encountered: