youke365_SQL inject #4

Open
yanchongchong opened this Issue Oct 11, 2018 · 0 comments

yanchongchong commented Oct 11, 2018

POST /admin/login.html HTTP/1.1
Host: 192.168.102.129:8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://192.168.102.129:8/admin/login/YouKe365Code/594fefcd69841081ddc4a2587700bb7d.html
Content-Type: application/x-www-form-urlencoded
Content-Length: 73
Cookie: abc=test; abc=test; PHPSESSID=0iqf7iuils7dhn6fr1hj1tqjb1
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1

username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86

Test using this packet. A SQL injection vulnerability exists in http://192.168.102.129:8/admin/login/YouKe365Code/594fefcd69841081ddc4a2587700bb7d.html
