Cscms V4.1 has sqlinjection vulnerability(1) #8

longlonglongname · 2020-10-26T07:07:29Z

1.Vulnerability summary

Vulnerability name：Cscms V4.1 has sqlinjection vulnerabilities
Report date: 2020-10-26
Product Home: http://www.chshcms.com/down.html
Software link:http://www.chshcms.com/down.html
Version:v4.1

2.Vulnerability overview

Vulnerability file:cscms4.1\plugins\sys\admin\label.php 332 lines-356 lines
Vulnerability function：page_del
Vulnerability param:id

public function page_del(){
$id = $this->input->get_post('id');
if(empty($id)) getjson(L('plub_04'));//参数错误

	//删除文件
	if(is_array($id)){
	   foreach ($id as $ids) {
		    $row=$this->db->query("SELECT sid,url FROM ".CS_SqlPrefix."page where id='".$ids."'")->row();
		    if($row && $row->sid==1){
                $html='.'.$row->url;
		        @unlink($html);
		    }
	   }
	}else{
		    $row=$this->db->query("SELECT sid,url FROM ".CS_SqlPrefix."page where id='".$id."'")->row();
		    if($row && $row->sid==1){
                $html='.'.$row->url;
		        @unlink($html);
		    }
	}

	$this->Csdb->get_del('page',$id);
    $info['url'] = site_url('label/page').'?v='.rand(1000,9999);
    getjson($info,0);
}

3.vulnerability exploitation

sql injection type：timebased-sqlinjection
wrong answer:

right answer:

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cscms V4.1 has sqlinjection vulnerability(1) #8

Cscms V4.1 has sqlinjection vulnerability(1) #8

longlonglongname commented Oct 26, 2020 •

edited

Loading

Cscms V4.1 has sqlinjection vulnerability(1) #8

Cscms V4.1 has sqlinjection vulnerability(1) #8

Comments

longlonglongname commented Oct 26, 2020 • edited Loading

1.Vulnerability summary

2.Vulnerability overview

3.vulnerability exploitation

longlonglongname commented Oct 26, 2020 •

edited

Loading