
zzcms 8.3 SQL injection


zzcms v8.3

Vulnerability details

Location: the `$ip` parameter in /user/logincheck.php, line 21. `$ip` is populated by getip(), which is defined in /inc/function.php. The getip() function does not apply any security filtering, so SQL injection can be triggered by supplying a crafted X-Forwarded-For header.


X-Forwarded-For:' or (select * from (select sleep(2))b)#
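
One way to close this class of bug, shown as an added example that is not zzcms code: validate the address before use and pass it to the database only as a bound parameter. The function `client_ip()`, the trusted-proxy list, the `login_log` table and the in-memory SQLite database are all assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened replacement, not taken from zzcms.

/**
 * Return a syntactically valid client IP address.
 * X-Forwarded-For is honoured only when the direct peer is a known proxy,
 * and every candidate must pass FILTER_VALIDATE_IP before it is returned.
 */
function client_ip(array $server, array $trustedProxies = []): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    $candidate = $remote;

    if (in_array($remote, $trustedProxies, true) && isset($server['HTTP_X_FORWARDED_FOR'])) {
        // Use the right-most entry: the one appended by our own proxy.
        $parts = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
        $candidate = end($parts);
    }

    // filter_var() returns false for anything that is not an IPv4/IPv6 literal.
    foreach ([$candidate, $remote] as $value) {
        $ip = filter_var($value, FILTER_VALIDATE_IP);
        if ($ip !== false) {
            return $ip;
        }
    }
    return '0.0.0.0'; // sentinel when no trustworthy address is available
}

// Constructed sample request: trusted proxy peer, hostile header from the page's PoC.
$request = [
    'REMOTE_ADDR'          => '10.0.0.5',
    'HTTP_X_FORWARDED_FOR' => "' or (select * from (select sleep(2))b)#",
];
$ip = client_ip($request, ['10.0.0.5']);

// Defence in depth: the value reaches SQL only as a bound parameter,
// never through string concatenation.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login_log (username TEXT, ip TEXT)');
$stmt = $db->prepare('INSERT INTO login_log (username, ip) VALUES (:u, :ip)');
$stmt->execute([':u' => 'alice', ':ip' => $ip]);

var_dump($ip, $db->query('SELECT COUNT(*) FROM login_log')->fetchColumn());
```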
