Skip to content

Bluecms V1.6 has SQL injection in line 132 of admin/area.php #3

Open
@seizer-zyx

Description

Bluecms_v1.6

Download

http://lp.downcode.com/j_14/j_14745_bluecms.rar

vulnerability code:

in admin/area.php line 36:
2022-07-26-16-58-55-image
Line 36 of admin/area.php is not heavily filtered, and insert at line 47 allows injection
Single quotes cannot be injected because the argument passed in is get_magic_quotes_gpc()
However, we found the use code GB2312 in the returned response header
image
image
So we can do wide-byte injection here
payload: area_name=0%df',0,0,0,0),(0,@@Version,0,0,0,0)%23&parentid=0&show_order=0&act=doadd
2022-07-26-17-14-52-image
2022-07-26-17-15-03-image
Successful injection!

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions