To demonstrate this vuln, follow three steps below.
First, Get the key
Metinfo disclosure the key by /config/config_safe.php
Then, encrypt the payload
Metinfo7.0 Use encrypt email to check email valid.
We can see after decode the data, It pass the email to get_user_by_email function
Then get_user_by_email function pass it to get_user_by_emailid function
Finally, It cause sql injection.
We have the key, and we know the way to encrypt data. As below
Vulnerability Name: Metinfo7.0.0beta CMS SQL Injection
Product Homepage: https://www.metinfo.cn/
Software link: https://u.mituo.cn/api/metinfo/download/7.0.0beta
Version: V7.0.0
To demonstrate this vuln, follow three steps below.
First, Get the key
Metinfo disclosure the key by /config/config_safe.php

Then, encrypt the payload
Metinfo7.0 Use encrypt email to check email valid.



We can see after decode the data, It pass the email to get_user_by_email function
Then get_user_by_email function pass it to get_user_by_emailid function
Finally, It cause sql injection.
We have the key, and we know the way to encrypt data. As below
Finally, send the payload
(You should encrypt the data first)
The text was updated successfully, but these errors were encountered: