EmpireCMS v7.5 has a SQL injection vulnerability #5

Open
@xunyang1

Description

Brief of this vulnerability

EmpireCMS v7.5 has a SQL injection vulnerability in adding an advertisement category

Test Environment

  • Windows10
  • PHP 5.5.9+Apache/2.4.39

Affected version

EmpireCMS 7.5

Vulnerable Code

e\admin\tool\AdClass.php line 30

The variable $add passed in to the AddAdClass function is inserted into the SQL statement without any filtering, resulting in a SQL injection vulnerability.

Vulnerability display

First, enter the admin backend

Click as shown to go to the ad management module

Click to add and capture the packet

Modify the parameters

payload: add%5Bclassname%5D=2bob' or updatexml(1,concat(0x7e,version()),0) or '

Successfully obtained the database version number
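
The remediation for the pattern this report describes, as an added example that is not part of the original issue and is not EmpireCMS code. The table `ad_class`, the functions `buildInsertUnsafe` and `addAdClassSafe`, the 60-character limit and the in-memory SQLite database are all assumptions made so the sketch runs without a server.

```php
<?php
// Added illustration. Table, function names and the length limit are
// hypothetical; this is not the code in e\admin\tool\AdClass.php.

// Pattern described in the report: the request value is concatenated
// straight into the statement text. Only the string is built here.
function buildInsertUnsafe(array $add): string
{
    return "INSERT INTO ad_class (classname) VALUES ('" . $add['classname'] . "')";
}

// Hardened form: validate the value, then pass it as a bound parameter so
// it can never be parsed as part of the statement.
function addAdClassSafe(PDO $db, array $add): int
{
    $name = isset($add['classname']) && is_string($add['classname'])
        ? trim($add['classname']) : '';
    if ($name === '' || strlen($name) > 60) { // assumed limit
        throw new InvalidArgumentException('classname must be 1-60 bytes');
    }
    $stmt = $db->prepare('INSERT INTO ad_class (classname) VALUES (:classname)');
    $stmt->execute([':classname' => $name]);
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ad_class (classid INTEGER PRIMARY KEY, classname TEXT NOT NULL)');

// The value from the report's request, URL-decoded.
$add = ['classname' => "2bob' or updatexml(1,concat(0x7e,version()),0) or '"];

// Concatenation: the quote inside the value closes the string literal, so
// everything after it becomes SQL syntax instead of data.
echo buildInsertUnsafe($add), PHP_EOL;

// Bound parameter: the whole value, quote included, is stored as data.
$id = addAdClassSafe($db, $add);
$check = $db->prepare('SELECT classname FROM ad_class WHERE classid = :id');
$check->execute([':id' => $id]);
var_dump($check->fetchColumn() === $add['classname']);
```

The same `prepare`/`execute` calls apply unchanged when the PDO connection uses the MySQL driver.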
