Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bluecms V1.6 has SQL injection in line 55 of admin/model.php #2

Open
seizer-zyx opened this issue Jul 26, 2022 · 0 comments
Open

Bluecms V1.6 has SQL injection in line 55 of admin/model.php #2

seizer-zyx opened this issue Jul 26, 2022 · 0 comments

Comments

@seizer-zyx
Copy link
Owner

Download

http://lp.downcode.com/j_14/j_14745_bluecms.rar

vulnerability code:

in admin/model.php line 55:
image
There is numeric injection for $_GET['model_id']
Because there is no echo, you can blind SQL injection with sleep()
payload: act=del&model_id=sleep(1)
image
sleep () is executed based on the server response speed
Use exp to get the database version number
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant