This repository has been archived by the owner on May 8, 2023. It is now read-only.
AeroCMS v0.0.1 was found to contain a SQL injection vulnerability via the 'p_id' parameter in post.php. The vulnerability allows an attacker to gain database administrator privileges and access database information without authentication. Wait a minute
Reproduce the process
1. No login required. Execute the sqlmap command: python3 sqlmap.py -u http://192.168.101.5/post.php?p_id=-1* -p "p_id". You can see that there is an SQL injection vulnerability in the p_id parameter.
We can see "DBA: TRUE"
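For anyone patching this class of bug, the following is an added example of a hardened lookup for an integer `p_id` parameter; it is not AeroCMS code and not part of the original report. The table and column names (`posts`, `post_id`, `post_title`, `post_content`), the `cms_app` account, the `cms` database and the `CMS_DB_PASSWORD` variable are assumptions, and the code needs PHP 8 with mysqlnd.

```php
<?php
// Added example, not AeroCMS code. Schema and connection names are assumptions.
declare(strict_types=1);

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Return p_id as a positive integer, or null when it is missing or malformed. */
function parse_post_id(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // missing parameter or array form (?p_id[]=1)
    }
    // Accepts only a whole integer >= 1; anything with extra characters fails.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up one post with a bound integer parameter; no string concatenation. */
function fetch_post(mysqli $db, int $postId): ?array
{
    $stmt = $db->prepare(
        'SELECT post_id, post_title, post_content FROM posts WHERE post_id = ? LIMIT 1'
    );
    $stmt->bind_param('i', $postId); // 'i' = bound as integer, never parsed as SQL
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

$postId = parse_post_id($_GET['p_id'] ?? null);
if ($postId === null) {
    http_response_code(400);
    exit('Invalid post id');
}

// Assumed least-privilege account: SELECT on the CMS tables only, not a DBA.
$db = new mysqli('127.0.0.1', 'cms_app', getenv('CMS_DB_PASSWORD') ?: '', 'cms');
$db->set_charset('utf8mb4');

$post = fetch_post($db, $postId);
if ($post === null) {
    http_response_code(404);
    exit('Post not found');
}
echo htmlspecialchars($post['post_title'], ENT_QUOTES, 'UTF-8');
```

The "DBA: TRUE" result means the application's database account itself holds administrator privileges, which is why the example connects with a restricted account in addition to binding the parameter.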