STCMS V3. 3 SQL injection 0DAY vulnerabilities-vulnerability warning-the black bar safety net
Vulnerability causes: There is no filter$SERVER lead to the user can be faked$SERVERX-FORWARDED-FOR, so the malicious injection statement written to the database. Using the steps of: 1. Enter a comment on the page, the first comment A and capture. 2. In the package add a bar: X-Forwarded-For:...