Use the system default account password to log in to the system.
In the visual design menu - report design, see Figure 1 for details.
Then click New Report, see Figure 2 for details.
Click the + sign to select a new SQL data set, see Figure 3 for details.
Select and enter the corresponding data according to Figure 4, the payload is as follows:
payload:select * from sys_user WHERE id='' union SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,(select group_concat(SCHEMA_NAME) from information_schema.SCHEMATA)
According to the execution result, all the database information of the mysql server of the system can be obtained, see Figure 5 for details.
So far the vulnerability has surfaced successfully.
The text was updated successfully, but these errors were encountered:
Use the system default account password to log in to the system.





In the visual design menu - report design, see Figure 1 for details.
Then click New Report, see Figure 2 for details.
Click the + sign to select a new SQL data set, see Figure 3 for details.
Select and enter the corresponding data according to Figure 4, the payload is as follows:
payload:select * from sys_user WHERE id='' union SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,(select group_concat(SCHEMA_NAME) from information_schema.SCHEMATA)
According to the execution result, all the database information of the mysql server of the system can be obtained, see Figure 5 for details.
So far the vulnerability has surfaced successfully.
The text was updated successfully, but these errors were encountered: