There is an SQL injection vulnerability in the login office of 188Jianzhan, which can bypass the WAF and use a universal password directly, without the need to verify the login background.
At line 29, querying `$user` and `$PWD` using the SELECT statement does not do any effective filtering. So there is an SQL injection vulnerability, and you can log in directly with the universal password `admin' and 1=1#`.
But first, we need to bypass the WAF. There's a 360waf protection.
We can use `like` instead of `=`.
In the end, the payload: `admin' or 1 like 1#`. Then enter any password.
First of all, we want to thank you for your attention.
We already know the SQL injection vulnerability information you submitted this time, but because this version has exceeded the life cycle and ended support for this version, we decided to provide only solutions in the short term.
We will pay attention to this vulnerability in the development of subsequent versions, thank you for your support!
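
The login lookup described in the report, rewritten so the user name is bound as a query parameter and the password is checked against a stored hash instead of being placed in the SQL. This is an added example, not 188Jianzhan's code and not the maintainers' fix. The `admin_users` table, its columns, the password hashing and the in-memory SQLite database (which needs the `pdo_sqlite` extension) are assumptions made for illustration.

```php
<?php
// Added example: hardened login check. Table and column names are
// assumptions, not taken from the 188Jianzhan source.
declare(strict_types=1);

function make_demo_db(): PDO
{
    // Constructed in-memory database so the example runs offline.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE admin_users (username TEXT PRIMARY KEY, pwd_hash TEXT NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO admin_users (username, pwd_hash) VALUES (?, ?)');
    $ins->execute(['admin', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);
    return $pdo;
}

function check_login(PDO $pdo, string $user, string $pwd): bool
{
    // The user name is bound as a parameter, so quotes, `or`, `like` and `#`
    // inside it are compared as data and never parsed as SQL.
    $stmt = $pdo->prepare('SELECT pwd_hash FROM admin_users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // no such user
    }
    // The password never enters the query; it is verified against the hash.
    return password_verify($pwd, $hash);
}

$pdo = make_demo_db();
$cases = [
    ['admin', 'constructed-demo-password'],  // valid credentials
    ["admin' or 1 like 1#", 'anything'],     // login string from the report
    ["admin' and 1=1#", 'anything'],         // login string from the report
    ['admin', 'wrong-password'],             // right user, wrong password
];
foreach ($cases as [$u, $p]) {
    printf("%-22s => %s\n", $u, check_login($pdo, $u, $p) ? 'accepted' : 'rejected');
}
```

With bound parameters the result no longer depends on which operators the WAF blocks, since the `=` and `like` variants are both treated as a literal user name.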