From this webpage screenshot, the following key information about the vulnerability can be extracted: 1. Vulnerability Title Time-Based SQL Injection in lyime_spage via sort Parameter 2. Vulnerability Type SQL Injection (Time-Based Blind) 3. Product Information Vendor: lyime Product: lyime_spage Affected Version(s): v2.1.0 Platform(s): Web-based (PHP + MySQL) 4. Vulnerability Description A time-based blind SQL injection vulnerability exists in the processing of the parameter in the project . Due to improper sanitization of user input or direct string concatenation without using prepared statements, attackers can inject malicious SQL code via the parameter. 5. Reproduction Steps 1. Send a request to the relevant endpoint to trigger the SQL statement. 2. Inject the following payload into the parameter: 3. If the first character of the database username is (ASCII 108), the server will pause for 5 seconds, confirming the presence of the vulnerability. 6. Impact Unauthenticated attackers can: - Extract database-level information (such as current user, schema, or data) - Chain blind injection queries to dump database contents - Potentially gain control over the backend system if sufficient privileges are available 7. Proof of Concept (PoC) Provides a specific HTTP POST request example and payload to monitor server response time; a 5-second delay indicates successful injection. 8. Mitigation / Recommendations Use prepared statements (e.g., PDO or mysqli with bound parameters) Apply strict input validation and sanitization Disable detailed SQL error reporting in production environments 9. Acknowledgments Discoverer: yanbei, Contact Email: yanbei_mail@163.com