CuppaCMS has SQL injection vulnerability #5

Closed
anquanfuwu opened this Issue Nov 8, 2018 · 3 comments


anquanfuwu commented Nov 8, 2018

Affected software: CuppaCMS

Type of vulnerability: SQL injection

Discovered by: darkrerror

SQL Injection in administrator/classes/ajax/functions.php with parameter reference_id

```php
function updateUserTableLog(){
    if(!@$_POST["reference_id"]) echo "1";
    $cuppa = Cuppa::getInstance();
    $data = new stdClass();
    $data->user_id_updating = "'".$cuppa->user->getVar("id")."'";
    $data->date_updating = "'".date('Y-m-d H:i:s')."'";
    // table_name and reference_id are taken directly from the POST body and
    // are only wrapped in quotes before being handed to the insert
    $data->table_name = "'".$_POST["table_name"]."'";
    $data->reference_id = "'".$_POST["reference_id"]."'";
    $result = $cuppa->dataBase->add($cuppa->configuration->table_prefix."tables_log", $data);
    echo $result;
}
```

POST request screenshot: [image]

sqlmap tool screenshot: [image]
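The concatenation pattern from the reported function beside a parameterized form, as an added example that is not part of the original issue or the CuppaCMS code base. It assumes PHP with the pdo_sqlite extension; the in-memory database, the `cu_tables_log` table, the function names and the sample input are constructed for illustration.

```php
<?php
// Added example, not CuppaCMS code. The SQLite in-memory database and the
// table layout are assumptions so the script runs stand-alone.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cu_tables_log (
    user_id_updating TEXT, date_updating TEXT, table_name TEXT, reference_id TEXT)');

// Pattern from the report: request values wrapped in quotes and concatenated.
function addLogConcatenated(PDO $pdo, string $userId, string $table, string $refId): void {
    $sql = "INSERT INTO cu_tables_log (user_id_updating, date_updating, table_name, reference_id) "
         . "VALUES ('" . $userId . "', '" . date('Y-m-d H:i:s') . "', '" . $table . "', '" . $refId . "')";
    $pdo->exec($sql);
}

// Hardened form: the SQL text is fixed and every value is bound as a parameter.
function addLogPrepared(PDO $pdo, string $userId, string $table, string $refId): void {
    // table_name is identifier-like, so restrict it to a conservative pattern.
    if (!preg_match('/^[A-Za-z0-9_]{1,64}$/', $table)) {
        throw new InvalidArgumentException('invalid table_name');
    }
    $stmt = $pdo->prepare('INSERT INTO cu_tables_log
        (user_id_updating, date_updating, table_name, reference_id)
        VALUES (:uid, :ts, :tbl, :ref)');
    $stmt->execute([':uid' => $userId, ':ts' => date('Y-m-d H:i:s'),
                    ':tbl' => $table, ':ref' => $refId]);
}

$sample = "12'"; // constructed input: an id followed by a stray single quote

try {
    addLogConcatenated($pdo, '1', 'cu_users', $sample);
    echo "concatenated: inserted\n";
} catch (PDOException $e) {
    // The quote became part of the statement, so the SQL no longer parses.
    echo "concatenated: input changed the SQL text -> ", $e->getMessage(), "\n";
}

addLogPrepared($pdo, '1', 'cu_users', $sample);
$stored = $pdo->query('SELECT reference_id FROM cu_tables_log')->fetchColumn();
echo "prepared: reference_id stored as data: ", $stored, "\n";
```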

tufik2 self-assigned this Nov 12, 2018

tufik2 added the bug label Nov 12, 2018

tufik2 closed this Nov 12, 2018

tufik2 (Contributor) commented Nov 12, 2018

This issue was fixed in the last commit...


anquanfuwu commented Nov 13, 2018

> This issue was fixed in the last commit...

thanks


anquanfuwu commented Nov 20, 2018

This issue has been closed; can it be reopened?
