CVE-2022-37111: Bluecms V1.6 has SQL injection in line 132 of admin/article.php · Issue #1 · seizer-zyx/Vulnerability

BlueCMS 1.6 has SQL injection in line 132 of admin/article.php

Tags: #sql #vulnerability #php

BlueCMS v1.6 download:

http://lp.downcode.com/j_14/j_14745_bluecms.rar

Vulnerable code: admin/article.php, line 132.

At this line the value of $_GET['id'] is used as a numeric value in a SQL query without being cast to an integer or bound as a parameter, so an attacker can inject into the numeric context. The query result is not echoed to the page, so the flaw is exploited as blind SQL injection, using sleep() to turn a true/false condition into a measurable delay:

payload: id=1%20or%20if(1=1,sleep(1),0)

payload: id=1%20or%20if(1=2,sleep(1),0)

With the first payload the condition is true, sleep() runs and the response is delayed by about one second; with the second it returns immediately. Comparing the two response times confirms the injection, and the same oracle, with a condition on each character of version(), can be scripted to retrieve the database version number.
