CVE-2020-23685: 118jianzhan v2.10 /Admin/login.php sql injection vulnerability · Issue #2 · vtime-tech/188Jianzhan

There is SQL injection vulnerability in the login office of 188Jianzhan, which can bypass WAF and direct universal password without the need to verify the login background.

At line 29, querying $user and $PWD using the SELECT statement does not do any effective filtering. So there is an SQL injection vulnerability and you can log in directly with the universal password admin’ and 1=1#
But first, we need to bypass WAF.There’s a 360waf protection.

We can uselikeinstead of =
In the end,The payload :admin’ or 1 like 1#,Then enter any password。

首先，我们要感谢您的关注。
您本次提交的SQL注入漏洞信息我们已经知晓，但是由于该版本已经超出了生命周期并且结束对该版本的支持，因此我们决定在短期内只提供解决方案。
我们会在后续的版本开发中留意该漏洞问题，感谢您的支持！

First of all, we want to thank you for your attention.
We already know the SQL injection vulnerability information you submitted this time, but because this version has exceeded the life cycle and ended support for this version, we decided to provide only solutions in the short term.
We will pay attention to this vulnerability in the development of subsequent versions, thank you for your support!