CVE-2023-30211: OURPHP <= v7.2.0 back-end SQL injection
OURPHP <= 7.2.0 is vulnerable to SQL Injection.
A function in the website's admin back end can execute SQL statements directly. It requires a password code, but that code can be brute-forced: the default password code is 6 digits, so brute-forcing it takes only a moment.
We try to execute the following statement:
UPDATE ourphp_mail set OP_Mailpass='37e0c8f50a64a454' WHERE id='4';
You can see that this value is currently 123456.
Then we execute the statement and use Burp to brute-force the password code.
The prompt shows that the operation was successful.
The value has also been changed.
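For defenders, guessing of the password code shows up in the web server access log as a burst of POST requests to the back-end SQL page from one client. The following is an added example, not part of the original write-up or of OURPHP: it flags such bursts. The path in SQL_PAGE is a placeholder, the log format is assumed to be the common access-log format, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Placeholder, not a real OURPHP path: set it to the back-end SQL page of your install.
SQL_PAGE = "/ADMIN_DIR/SQL_PAGE_PLACEHOLDER.php"
# Assumed common access-log format: ip - - [time] "METHOD url PROTO" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" \d{3} ')

def find_code_guessing(lines, path=SQL_PAGE, threshold=20, window=timedelta(seconds=60)):
    """Return {client_ip: peak number of POSTs to `path` inside `window`} for
    clients whose peak reaches `threshold`. Request rate is the signal because
    guessing a 6-digit code takes many submissions."""
    recent = defaultdict(deque)   # per-client timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # skip malformed lines
        ip, ts, method, url = m.groups()
        if method != "POST" or url.split("?", 1)[0] != path:
            continue
        t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(t)
        while t - q[0] > window:  # drop requests older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def sample_log():
    """Constructed sample (documentation IP ranges): one client submitting the
    form once per second, one administrator using it three times in ten minutes."""
    start = datetime(2023, 4, 1, 10, 0, 0, tzinfo=timezone.utc)
    def entry(ip, offset, method="POST", url=SQL_PAGE):
        ts = (start + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "{method} {url} HTTP/1.1" 200 512'
    lines = [entry("203.0.113.7", s) for s in range(40)]
    lines += [entry("198.51.100.2", s) for s in (0, 300, 600)]
    lines += [entry("198.51.100.2", 5, method="GET"), "truncated line"]
    return lines

if __name__ == "__main__":
    for ip, n in find_code_guessing(sample_log()).items():
        print(f"{ip}: {n} POSTs to the SQL page within 60 s")
```

The threshold and window are starting values to tune against normal administrator use of the page.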
Code download address
https://down.chinaz.com/api/index/download?id=51308&type=code
Download it and place it directly in PHPstudy.