New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

报告内容会过滤常见英文单词和poc #27

Open

lovelyjuice opened this issue Dec 26, 2023 · 1 comment

lovelyjuice commented Dec 26, 2023

报告里面本来就经常会包含sql注入的poc，比如我打个heapdump结果被过滤掉了变成heap，导致报告出现偏差。
建议使用预编译方式防止SQL注入，而不是这种低级的替换关键字的方式。

BugRepoter_0x727/config/function.php

Line 77 in bddf10c

    
           "/select|insert|update|delete|join|union|into|load_file|outfile|dump|count|asc|create|where/is"

Collaborator

xz-zone commented Feb 8, 2025

这个只是语法过滤，数据库写入是采用pdo方式

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment