You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
in framework/phpok_call.php, the function _userlist has a sql injection
in some reasons, we can controll the value of variable $rs, so we can splice evil sql query
you can see, it also include sensitive information
The text was updated successfully, but these errors were encountered:
it also has in the function _arclist_single
so we can splice evil sql query. but we should make if($rs['fields_need']) alway false
LuckyC4t
changed the title
PHPOK5.4 sensitive information disclosure and sql injection
PHPOK5.4 has sensitive information disclosure and sql injection
Dec 3, 2019
in
framework/phpok_call.php
, the function_userlist
has a sql injectionin some reasons, we can controll the value of variable
$rs
, so we can splice evil sql queryyou can see, it also include sensitive information
The text was updated successfully, but these errors were encountered: