关键信息 漏洞描述 漏洞类型: SQL注入 (SQLi) 受影响系统: NEWS-BUZZ (News Management System) v1.0 易受攻击文件: /publicposts.php 参数: post 供应商和软件链接 供应商: code-projects 软件链接: NEWS-BUZZ (News Management System) POC (概念验证) 注入点详情 参数: post (GET) 类型: - error-based - time-based blind 标题: - MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET) - MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload示例: - Error-based: - Time-based blind: