Download
http://lp.downcode.com/j_14/j_14745_bluecms.rar
vulnerability code:
In admin/model.php, line 55:

There is a numeric injection for $_GET['model_id'].
Because there is no echo, you can use blind SQL injection with sleep().
payload: act=del&model_id=sleep(1)
sleep() is executed, based on the server response speed.
Use exp to get the database version number
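
A detection sketch for the probing described in this report, added here as an example and not part of the original issue or of BlueCMS. It scans access-log lines for requests to admin/model.php whose model_id is not a plain integer and records whether the response was slow. The log format, the sample lines, the 1-second threshold and the function name are all assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not from the original report).
# Assumed format: client, request line, status, response time in seconds.
SAMPLE_LOG = """\
10.0.0.5 "GET /admin/model.php?act=del&model_id=7 HTTP/1.1" 200 0.012
10.0.0.9 "GET /admin/model.php?act=del&model_id=sleep(1) HTTP/1.1" 200 1.018
10.0.0.9 "GET /admin/model.php?act=del&model_id=sleep%281%29 HTTP/1.1" 200 1.021
10.0.0.5 "GET /admin/model.php?act=list HTTP/1.1" 200 0.009
10.0.0.7 "GET /admin/article.php?act=del&id=3 HTTP/1.1" 200 0.010
"""

LINE_RE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*" (\d{3}) ([\d.]+)$')
INT_RE = re.compile(r'[0-9]{1,10}')  # what a legitimate numeric id looks like


def find_suspicious(log_text, path="/admin/model.php", param="model_id"):
    """Return findings for requests whose numeric parameter is not an integer."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # line does not follow the assumed format
        client, _method, target, _status, seconds = m.groups()
        url = urlsplit(target)
        if url.path != path:
            continue
        # parse_qs URL-decodes values, so sleep%281%29 is seen as sleep(1).
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if INT_RE.fullmatch(value):
                continue
            findings.append({
                "client": client,
                "value": value,
                "seconds": float(seconds),
                # A non-integer value in a numeric field plus a slow response
                # matches the time-based probing described in the report.
                "slow": float(seconds) >= 1.0,
            })
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule is the fix on the server side: in an unquoted numeric context there are no quote characters to escape, so the parameter has to be validated or cast as an integer, or bound through a prepared statement, before it reaches the query.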