Some SQL injection vulnerabilities exist in JFinal CMS 5.1.0 #52

Open
So4ms opened this issue Aug 9, 2022 · 0 comments


So4ms commented Aug 9, 2022

Administrator login is required. The default account and password are admin:admin123.

admin/videoalbum/list

There is a SQLi vulnerability in background mode. The route is as follows:

image-20220809173719466

The vulnerable argument passing is as follows:

image-20220809171314338

Successfully injected at route admin/videoalbum/list

image-20220809173732745

admin/video/list

There is a SQLi vulnerability in background mode. The route is as follows:

image-20220809173822633

The vulnerable argument passing is as follows:

image-20220809171314338

Successfully injected at route admin/video/list

image-20220809173835144

system/department/list

There is a SQLi vulnerability in background mode. The route is as follows:

image-20220809173912226

The vulnerable argument passing is as follows:

image-20220809171314338

Successfully injected at route system/department/list

image-20220809173923320

system/menu/list

There is a SQLi vulnerability in background mode. The route is as follows:

image-20220809174004298

The vulnerable argument passing is as follows:

image-20220809171314338

Successfully injected at route system/menu/list

image-20220809174015340

system/role/list

There is a SQLi vulnerability in background mode. The route is as follows:

image-20220809174057768

The vulnerable argument passing is as follows:

image-20220809171314338

Successfully injected at route system/role/list

image-20220809174108907
