Open
Description
Download
http://lp.downcode.com/j_14/j_14745_bluecms.rar
vulnerability code:
in admin/model.php line 55:

There is numeric injection for $_GET['model_id']
Because there is no echo, you can blind SQL injection with sleep()
payload: act=del&model_id=sleep(1)

sleep () is executed based on the server response speed
Use exp to get the database version number

Metadata
Assignees
Labels
No labels