Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

118jianzhan v2.10 /Admin/login.php sql injection vulnerability #2

Closed
Shu1L opened this issue Jun 21, 2020 · 1 comment
Closed

118jianzhan v2.10 /Admin/login.php sql injection vulnerability #2

Shu1L opened this issue Jun 21, 2020 · 1 comment
Assignees
Labels
bug Something isn't working

Comments

@Shu1L
Copy link

Shu1L commented Jun 21, 2020

There is SQL injection vulnerability in the login office of 188Jianzhan, which can bypass WAF and direct universal password without the need to verify the login background.

QQ截图20200621092050

At line 29, querying $user and $PWD using the SELECT statement does not do any effective filtering. So there is an SQL injection vulnerability and you can log in directly with the universal password admin' and 1=1#
But first, we need to bypass WAF.There's a 360waf protection.
QQ截图20200621092112
We can uselikeinstead of =
In the end,The payload :admin' or 1 like 1#,Then enter any password。
QQ截图20200621093307

@qq348069510 qq348069510 self-assigned this Jun 21, 2020
@qq348069510 qq348069510 added the bug Something isn't working label Jun 21, 2020
@qq348069510
Copy link
Collaborator

首先,我们要感谢您的关注。
您本次提交的SQL注入漏洞信息我们已经知晓,但是由于该版本已经超出了生命周期并且结束对该版本的支持,因此我们决定在短期内只提供解决方案。
我们会在后续的版本开发中留意该漏洞问题,感谢您的支持!

First of all, we want to thank you for your attention.
We already know the SQL injection vulnerability information you submitted this time, but because this version has exceeded the life cycle and ended support for this version, we decided to provide only solutions in the short term.
We will pay attention to this vulnerability in the development of subsequent versions, thank you for your support!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants