| Title | GitHub eyoucms v1.7.1 SQL Injection |
|---|
| Description | 1. Vulnerability Introduction
GitHub address: https://github.com/weng-xianhu/eyoucms/issues/68
- System name: EyouCMS
- System version: v1.7.1
- Vulnerable route: /index.php?s=/home/Ask/ajax_show_comment
- Controlled parameter: click_like
- Impact: SQL injection; by passing malicious SQL statements, an attacker can extract sensitive information from the database, such as administrator account passwords
2. Vulnerability Analysis
Vulnerable File (Model layer): application/home/model/Ask.php
The GetAskReplyData method accepts the $param['click_like'] parameter, only checks whether it is empty, and if it is not empty concatenates it directly into the ORDER BY clause, then passes the resulting string to ->order(), which executes it as raw SQL:
```php
// Excerpt from GetAskReplyData() in application/home/model/Ask.php
$OrderBy = !empty($param['click_like'])
    ? 'a.click_like ' . $param['click_like'] . ', a.add_time asc' // user input concatenated into ORDER BY
    : 'a.add_time asc';
// ...
->order($OrderBy) // the raw ORDER BY string is handed to the query builder unchanged
```
Vulnerable Trigger File (Controller layer): application/home/controller/Ask.php
In the ajax_show_comment method, the route /home/Ask/ajax_show_comment accepts all request parameters via input('param.') and passes them straight into the GetAskReplyData method without any filtering or validation, resulting in SQL injection:
```php
public function ajax_show_comment()
{
    if (IS_AJAX_POST) {
        $param = input('param.'); // No filtering
        $Comment = $this->AskModel->GetAskReplyData($param, $this->parent_id);
    }
}
```
3. Vulnerability reproduction
[Screenshot of the reproduction attached to the original GitHub issue] |
|---|
| Source | https://github.com/weng-xianhu/eyoucms/issues/68 |
|---|
| User | dijia1234 (UID 98657) |
|---|
| Submitted | 31/05/2026 05:51 PM (29 days ago) |
|---|
| Moderation | 28/06/2026 08:27 PM (28 days later) |
|---|
| Status | Approved |
|---|
| VulDB Entry | 374577 [weng-xianhu EyouCMS up to 1.7.1 API /index.php click_like SQL injection] |
|---|
| Points | 20 |
|---|
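The description above shows the raw click_like value being concatenated into the ORDER BY string. The following is an added example of the corresponding fix, not EyouCMS code: the sort direction is taken from an allow-list, so only the literals asc or desc can ever reach the SQL text. The function name buildAskReplyOrder and the logging helper are assumptions; the query-builder call ->order() is the one the page already shows.

```php
<?php
// Added example (not EyouCMS code): build the ORDER BY clause for
// GetAskReplyData() from an allow-list instead of concatenating user input.

/**
 * Return a safe ORDER BY string. Only the literal sort directions
 * "asc" and "desc" are accepted; any other value (including an empty
 * one) falls back to the default ordering used by the original code.
 */
function buildAskReplyOrder(array $param): string
{
    // Keys are the accepted inputs, values are the literals used in SQL.
    $allowed = ['asc' => 'asc', 'desc' => 'desc'];
    $dir = strtolower(trim((string)($param['click_like'] ?? '')));

    if (isset($allowed[$dir])) {
        // Only a literal taken from $allowed is ever placed into the query text.
        return 'a.click_like ' . $allowed[$dir] . ', a.add_time asc';
    }
    return 'a.add_time asc';
}

/**
 * Stricter variant for the controller: reject unexpected values instead of
 * silently ignoring them, so probing of the parameter shows up in the logs.
 * The log line is truncated so a long value cannot flood the log.
 */
function assertValidSortDirection(array $param): void
{
    $dir = (string)($param['click_like'] ?? '');
    if ($dir !== '' && !in_array(strtolower(trim($dir)), ['asc', 'desc'], true)) {
        error_log('ajax_show_comment: rejected click_like value: ' . substr($dir, 0, 64));
        throw new InvalidArgumentException('invalid sort direction');
    }
}

// In the model, the vulnerable ternary is replaced by:
//     $OrderBy = buildAskReplyOrder($param);
//     ... ->order($OrderBy)
// and the controller calls assertValidSortDirection($param) before
// handing $param to GetAskReplyData().
```

A constructed input such as ['click_like' => 'DESC'] yields 'a.click_like desc, a.add_time asc', while any value that is not asc or desc yields the default 'a.add_time asc'.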