1. Vulnerability summary

Vulnerability name: Cscms V4.1 has SQL injection vulnerabilities
Report date: 2020-10-26
Product home: http://www.chshcms.com/down.html
Software link: http://www.chshcms.com/down.html
Version: v4.1

2. Vulnerability overview

Vulnerability file: cscms4.1\plugins\sys\admin\label.php, lines 332-356
Vulnerability function: page_del
Vulnerability param: id

The `id` value is read from the request and concatenated straight into the SQL string, with no type check or escaping:

```php
public function page_del(){
    $id = $this->input->get_post('id');
    if(empty($id)) getjson(L('plub_04')); // parameter error
    // delete files
    if(is_array($id)){
        foreach ($id as $ids) {
            // each array element is concatenated directly into the query
            $row=$this->db->query("SELECT sid,url FROM ".CS_SqlPrefix."page where id='".$ids."'")->row();
            if($row && $row->sid==1){
                $html='.'.$row->url;
                @unlink($html);
            }
        }
    }else{
        // the scalar id is concatenated directly into the query
        $row=$this->db->query("SELECT sid,url FROM ".CS_SqlPrefix."page where id='".$id."'")->row();
        if($row && $row->sid==1){
            $html='.'.$row->url;
            @unlink($html);
        }
    }
    $this->Csdb->get_del('page',$id);
    $info['url'] = site_url('label/page').'?v='.rand(1000,9999);
    getjson($info,0);
}
```

3. Vulnerability exploitation

SQL injection type: time-based SQL injection
wrong answer:
right answer:
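A hardened rewrite of the same method, added here as an example (it is not Cscms project code): the id is validated as a positive integer and passed through CodeIgniter's query bindings instead of being concatenated, and the file-deletion step only unlinks paths that resolve under the web root. The `CI_Controller` base class and `FCPATH` constant are assumptions about a CodeIgniter 3 environment; `CS_SqlPrefix`, `getjson()`, `L()`, `site_url()` and `Csdb->get_del()` are assumed to behave as in the reported code.

```php
<?php
// Added example: a hardened page_del for a CodeIgniter 3 style controller.
// Not Cscms project code. CS_SqlPrefix, getjson(), L(), site_url() and the
// Csdb->get_del() helper are assumed to behave as in the reported code.
class Label extends CI_Controller
{
    public function page_del()
    {
        $id = $this->input->get_post('id');
        if (empty($id)) {
            getjson(L('plub_04')); // parameter error
            return;
        }
        // Accept a single id or an array, keep only positive integers:
        // anything that is not a plain integer never reaches the SQL text.
        $ids = array_values(array_filter(
            array_map('intval', (array) $id),
            function ($v) { return $v > 0; }
        ));
        if (empty($ids)) {
            getjson(L('plub_04'));
            return;
        }
        // Query bindings: the driver escapes each bound value, so id is a
        // parameter of the statement instead of part of its string.
        $marks = implode(',', array_fill(0, count($ids), '?'));
        $rows = $this->db->query(
            'SELECT sid,url FROM ' . CS_SqlPrefix . 'page WHERE id IN (' . $marks . ')',
            $ids
        )->result();

        // The stored url is used as a file path; only unlink files that
        // really resolve under the web root (FCPATH is the CI front-controller dir).
        $root = realpath(FCPATH);
        foreach ($rows as $row) {
            if ($row->sid != 1) {
                continue;
            }
            $path = realpath('.' . $row->url);
            if ($path !== false && strpos($path, $root . DIRECTORY_SEPARATOR) === 0) {
                @unlink($path);
            }
        }

        $this->Csdb->get_del('page', $ids); // validated ids only
        $info['url'] = site_url('label/page') . '?v=' . rand(1000, 9999);
        getjson($info, 0);
    }
}
```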