Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vulnerability name:Cscms V4.1 has sqlinjection vulnerabilities Report date: 2020-10-26 Product Home: http://www.chshcms.com/down.html Software link:http://www.chshcms.com/down.html Version:v4.1
Vulnerability file:cscms4.1\plugins\sys\admin\label.php 197 lines-219 lines Vulnerability function:js_del Vulnerability param:id
public function js_del(){ $id = $this->input->get_post('id'); if(empty($id)) getjson(L('plub_04')); //删除文件 if(is_array($id)){ foreach ($id as $ids) { $row=$this->db->query("SELECT js FROM ".CS_SqlPrefix."ads where id='".$ids."'")->row(); if($row){ $jsurl='.'.Web_Path.'attachment/js/'.$row->js.'.js'; @Unlink($jsurl); } } }else{ $row=$this->db->query("SELECT js FROM ".CS_SqlPrefix."ads where id='".$id."'")->row(); if($row){ $jsurl='.'.Web_Path.'attachment/js/'.$row->js.'.js'; @Unlink($jsurl); } } $this->Csdb->get_del('ads',$id); $info['url'] = site_url('label/js').'?v='.rand(1000,9999); getjson($info,0); }
sql injection type:timebased-sqlinjection wrong answer: right answer:
The text was updated successfully, but these errors were encountered:
No branches or pull requests
1.Vulnerability summary
Vulnerability name:Cscms V4.1 has sqlinjection vulnerabilities
Report date: 2020-10-26
Product Home: http://www.chshcms.com/down.html
Software link:http://www.chshcms.com/down.html
Version:v4.1
2.Vulnerability overview
Vulnerability file:cscms4.1\plugins\sys\admin\label.php 197 lines-219 lines
Vulnerability function:js_del
Vulnerability param:id
public function js_del(){
$id = $this->input->get_post('id');
if(empty($id)) getjson(L('plub_04'));
//删除文件
if(is_array($id)){
foreach ($id as $ids) {
$row=$this->db->query("SELECT js FROM ".CS_SqlPrefix."ads where id='".$ids."'")->row();
if($row){
$jsurl='.'.Web_Path.'attachment/js/'.$row->js.'.js';
@Unlink($jsurl);
}
}
}else{
$row=$this->db->query("SELECT js FROM ".CS_SqlPrefix."ads where id='".$id."'")->row();
if($row){
$jsurl='.'.Web_Path.'attachment/js/'.$row->js.'.js';
@Unlink($jsurl);
}
}
$this->Csdb->get_del('ads',$id);
$info['url'] = site_url('label/js').'?v='.rand(1000,9999);
getjson($info,0);
}
3.vulnerability exploitation
sql injection type:timebased-sqlinjection


wrong answer:
right answer:
The text was updated successfully, but these errors were encountered: