Vulnerability reproduction:

  1. Log in to the admin backend at http://172.16.108.111/admin

  2. Add an administrator and capture the request with Burp Suite

  3. Send the request with the following payload; on success the response is delayed by 5 seconds

  4. sqlmap

Injection points:

  1. Parameter A_newsauth

  2. Parameter A_bbsauth

  3. Parameter A_productauth

  4. Parameter A_textauth

  5. Parameter A_formauth

Vulnerability Analysis:

  1. The vulnerability is located at http://172.16.108.111/admin/ajax.php?type=admin&action=add&lang=0, so start by locating ajax.php in the source code.

  2. The filter file is functions.php.

  3. All POST requests go through the check_input function.

  4. If the value is an array, it bypasses the filtering rules.

  5. The data is returned unfiltered, then iterated over and concatenated into the SQL statement, leading to SQL injection.
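
The array pass-through described in the analysis, next to a hardened form, as an added example that is not the application's own code. The function names other than check_input, the scalar filter rule, the table layout and the assumption that the auth parameters carry lists of numeric ids are all hypothetical.

```php
<?php
// Added illustration, not the application's code. Function names, the scalar
// filter rule and the table layout are assumptions; input is constructed.

// Pattern described above: scalars are filtered, arrays come back untouched.
function check_input_weak($value) {
    if (is_array($value)) {
        return $value;                       // elements never reach the filter
    }
    return addslashes(trim((string) $value)); // stand-in for the real rules
}

// Hardened: each element of a list parameter must be a short decimal id;
// nested arrays and anything else are rejected instead of passed through.
function check_list_param($value): array {
    $clean = [];
    foreach ((array) $value as $item) {
        if (!is_string($item) || !preg_match('/\A[0-9]{1,9}\z/', $item)) {
            throw new InvalidArgumentException('unexpected value in list parameter');
        }
        $clean[] = (int) $item;
    }
    return $clean;
}

// Values are bound as parameters, never concatenated into the SQL text.
function save_admin_auth(PDO $db, string $name, array $newsauth): void {
    $stmt = $db->prepare('INSERT INTO admin (name, newsauth) VALUES (?, ?)');
    $stmt->execute([$name, implode(',', $newsauth)]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (name TEXT, newsauth TEXT)');

// Constructed stand-in for $_POST: one element is not a plain id.
$post = ['A_newsauth' => ['1', '2', "3'"]];

var_dump(check_input_weak($post['A_newsauth']) === $post['A_newsauth']);

try {
    save_admin_auth($db, 'demo', check_list_param($post['A_newsauth']));
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

save_admin_auth($db, 'demo', check_list_param(['1', '2']));
echo $db->query('SELECT newsauth FROM admin')->fetchColumn(), "\n";
```

Validating per element closes the filter gap, and the bound parameters keep the query safe even if a filter rule is later loosened.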