
ZZCMS v8.3 SQL injection in /user/jobmanage.php via bigclass parameter

CMS version

zzcms 8.3. Download link: http://www.zzcms.net/about/6.htm

Vulnerability location

By default, the ZZCMS framework applies security filtering to the $_GET and $_POST request parameters via the addslashes() function. However, in /user/jobmanage.php at lines 42-47, the bigclass parameter is read from $_REQUEST, which bypasses the ZZCMS security filtering and leads to SQL injection.
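The filtering gap described above, and a parameterized query that closes it, as an added example (not ZZCMS source code). The function, table and column names are hypothetical, the request value is constructed, and an in-memory SQLite database via PDO stands in for the application's database.

```php
<?php
// Added illustration, not ZZCMS source. Function, table and column names are hypothetical.

// Constructed request state. PHP builds $_GET, $_POST and $_REQUEST as separate
// arrays at startup, so rewriting one of them later does not change the others.
$_GET     = ['bigclass' => "O'Reilly"];
$_POST    = [];
$_REQUEST = $_GET;

// Global input filter of the kind described above: only $_GET and $_POST are escaped.
function filter_inputs(): void {
    foreach ($_GET as $k => $v)  { $_GET[$k]  = addslashes($v); }
    foreach ($_POST as $k => $v) { $_POST[$k] = addslashes($v); }
}
filter_inputs();

// The filtered copy is escaped; the $_REQUEST copy still carries the raw quote.
echo 'filtered $_GET:     ', $_GET['bigclass'], PHP_EOL;
echo 'unfiltered REQUEST: ', $_REQUEST['bigclass'], PHP_EOL;

// Vulnerable pattern: the unfiltered value is concatenated into the statement,
// so the quote ends the string literal early. Built here only to show the text.
$unsafe_sql = "SELECT id FROM jobs WHERE bigclass = '" . $_REQUEST['bigclass'] . "'";
echo 'concatenated SQL:   ', $unsafe_sql, PHP_EOL;

// Hardened pattern: bind the value as a parameter. The driver keeps data and SQL
// separate, so correctness no longer depends on which superglobal was filtered.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE jobs (id INTEGER PRIMARY KEY, bigclass TEXT)");
$db->exec("INSERT INTO jobs (bigclass) VALUES ('O''Reilly'), ('Sales')");

function jobs_in_class(PDO $db, string $bigclass): array {
    $stmt = $db->prepare('SELECT id, bigclass FROM jobs WHERE bigclass = ?');
    $stmt->execute([$bigclass]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The raw value is passed as data and matches only the row with that exact text.
print_r(jobs_in_class($db, $_REQUEST['bigclass']));
```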

Vulnerability trigger condition

The SQL injection vulnerability is triggered when a logged-in user visits user/jobmanage.php.

POC
