| Title | SUL1SS_shop Order.php keyword parameter SQLi |
|---|---|
| Description | The SUL1SS_shop system is a store application developed based on the ThinkPHP5 framework. The Order page query function in the background of this system has a SQL Boolean blind injection caused by a keyword parameter (login to the system is required) (https://github.com/617746883/thinkphp5.0_shop). Operations on the keyword parameter cause a SQL injection vulnerability, which will cause some unknown hazards. Authenticate with sqlmap (requires login for cookies to work). For specific content (utilization examples), view the link. |
| Source | ⚠️ https://tib36.github.io/2023/03/04/SUL1SS-shop-SQLi/ |
| User | nokali (UID 42250) |
| Submission | 03/04/2023 14:21 (3 years ago) |
| Moderation | 03/08/2023 19:00 (4 days later) |
| Status | Accepted |
| VulDB entry | 222599 [SUL1SS_shop Order.php keyword sql injection] |
| Points | 20 |