Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

There is SQL blind injection at "Management article" #11

Open
win1498419293 opened this issue Dec 11, 2021 · 0 comments
Open

There is SQL blind injection at "Management article" #11

win1498419293 opened this issue Dec 11, 2021 · 0 comments

Comments

@win1498419293
Copy link

1.The location of the vulnerability is line 59 in taocms\include\Model\Cms.php, and the incoming sql statement in the update() method does not use intval to process id
The location of the vulnerability is line 59 in taocms\include\Model\Cms.php, and the incoming sql statement in the update() method does not use intval to process id
image

2.Log in to the background as the default account admin.
image
image
3.You can see action=cms&ctrl=update&id=26, this id is the id in the update method in the Cms.php file
image
image
image
3.Test using the SQLMap tool
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant