CuppaCMS has SQL injection vulnerability #5

Closed
anquanfuwu opened this issue Nov 8, 2018 · 3 comments

@anquanfuwu

Affected software: CuppaCMS

Type of vulnerability: SQL injection

Discovered by: darkrerror

SQL Injection in administrator/classes/ajax/functions.php with parameter reference_id

```php
function updateUserTableLog(){
    if(!@$_POST["reference_id"]) echo "1";
    $cuppa = Cuppa::getInstance();
    $data = new stdClass();
    $data->user_id_updating = "'".$cuppa->user->getVar("id")."'";
    $data->date_updating = "'".date('Y-m-d H:i:s')."'";
    // Request parameters are wrapped in quotes and passed on without escaping
    $data->table_name = "'".$_POST["table_name"]."'";
    $data->reference_id = "'".$_POST["reference_id"]."'";
    $result = $cuppa->dataBase->add($cuppa->configuration->table_prefix."tables_log", $data);
    echo $result;
}
```

[Screenshot: POST request]

[Screenshot: sqlmap tool output]
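For comparison with the function quoted in the report, here is an added example of the same log insert written with bound parameters and input validation. It is not CuppaCMS code and not the project's fix commit; the function name `updateUserTableLogSafe`, the use of PDO with an in-memory SQLite database, the `cu_` prefix and the list of known tables are all assumptions made for illustration.

```php
<?php
// Added example: hypothetical stand-alone rewrite, not CuppaCMS code.
// Uses PDO with an in-memory SQLite database so it runs offline.

function updateUserTableLogSafe(PDO $db, string $prefix, int $userId, array $post, array $knownTables): bool
{
    // Reject the request outright instead of echoing and continuing.
    if (!isset($post['reference_id'], $post['table_name'])) {
        return false;
    }
    // reference_id is treated as a row id here (assumption): require a positive integer.
    $referenceId = filter_var($post['reference_id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    // table_name must be one of the tables the application already knows about.
    if ($referenceId === false || !in_array($post['table_name'], $knownTables, true)) {
        return false;
    }
    // $prefix comes from server-side configuration, never from the request.
    // All request values travel as bound parameters, not as part of the SQL text.
    $stmt = $db->prepare(
        "INSERT INTO {$prefix}tables_log (user_id_updating, date_updating, table_name, reference_id)
         VALUES (:uid, :ts, :tbl, :ref)"
    );
    return $stmt->execute([
        ':uid' => $userId,
        ':ts'  => date('Y-m-d H:i:s'),
        ':tbl' => $post['table_name'],
        ':ref' => $referenceId,
    ]);
}

// Constructed demo schema and inputs (column names taken from the quoted function).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cu_tables_log (user_id_updating INTEGER, date_updating TEXT, table_name TEXT, reference_id INTEGER)');
$known = ['cu_users', 'cu_menus'];

// A well-formed request is logged.
var_dump(updateUserTableLogSafe($db, 'cu_', 1, ['table_name' => 'cu_users', 'reference_id' => '42'], $known));
// A reference_id carrying quote characters fails integer validation and is not logged.
var_dump(updateUserTableLogSafe($db, 'cu_', 1, ['table_name' => 'cu_users', 'reference_id' => "42' OR '1'='1"], $known));
// Number of rows actually written.
var_dump($db->query('SELECT COUNT(*) FROM cu_tables_log')->fetchColumn());
```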

tufik2 self-assigned this Nov 12, 2018
tufik2 added the bug label Nov 12, 2018
tufik2 closed this as completed Nov 12, 2018
@tufik2 (Contributor) commented Nov 12, 2018

This issue was fixed in the last commit...

@anquanfuwu (Author)

> This issue was fixed in the last commit...

thanks

@anquanfuwu (Author)

This issue has been closed; can it be reopened?
