LuckyC4t

icon indicating a website link blog.luckycat.moe

icon company HDU icon location HangZhou icon location SAST noob | SCA | web security

Results 1 issues of LuckyC4t

PHPOK5.4 has sensitive information disclosure and sql injection

1 comment

in `framework/phpok_call.php`, the function `_userlist` has a sql injection ![image](https://user-images.githubusercontent.com/40694340/69966618-c16e7f80-1551-11ea-9ac7-7cda8720bfab.png) in some reasons, we can controll the value of variable `$rs`, so we can splice evil sql query ![image](https://user-images.githubusercontent.com/40694340/69966891-422d7b80-1552-11ea-8e6a-694b3161ee0b.png) ![image](https://user-images.githubusercontent.com/40694340/69966834-275b0700-1552-11ea-8e17-6ae7420eec8d.png)...