Open
Description
Bluecms_v1.6
Download
http://lp.downcode.com/j_14/j_14745_bluecms.rar
vulnerability code:
in admin/area.php line 36:

Line 36 of admin/area.php is not heavily filtered, and insert at line 47 allows injection
Single quotes cannot be injected because the argument passed in is get_magic_quotes_gpc()
However, we found the use code GB2312 in the returned response header


So we can do wide-byte injection here
payload: area_name=0%df',0,0,0,0),(0,@@Version,0,0,0,0)%23&parentid=0&show_order=0&act=doadd


Successful injection!
Metadata
Assignees
Labels
No labels