Wuzhicms v4.1.0 /coreframe/app/order/admin/index.php hava a SQL Injection Vulnerability
Someone has submitted a SQL injection vulnerability in the file /coreframe/app/order/admin/index.php before (#175), but I found that in addition to the $flag parameter, it can be injected In addition, the $keyValue parameter can also be injected!
Multiple SQL injection vulnerabilities exist in wuzhicms v4.1.0
Allows attackers to execute arbitrary SQL commands via the $keyValue parameter in the (1) / core / APP / order / admin / index.php file and the $keyValue parameter in the (2) / core / APP / pay / admin / index.php file.
https://github.com/wuzhicms/wuzhicms/issues/198
Vulnerability verification process(https://github.com/wuzhicms/wuzhicms/issues/198)
Use sql injection to elevate permissions and write webshell
Individual
The text was updated successfully, but these errors were encountered:
tcyba
changed the title
There are 3 SQL injections in Wuzhicms v4.1.0 background
1
Sep 13, 2021
There are 3 SQL injections in Wuzhicms v4.1.0 background
one
Wuzhicms v4.1.0 /coreframe/app/pay/admin/index.php hava a SQL Injection Vulnerability
Vulnerability file:
/coreframe/app/pay/admin/index.php 30-98the
$keyValueparameter is not strictly filtered, causingSQLinjection vulnerabilities!POC
two
The second
SQLinjection and the firstSQLinjection are in a different function in the same file!Wuzhicms v4.1.0 /coreframe/app/pay/admin/index.php hava a SQL Injection Vulnerability
Vulnerability file:
/coreframe/app/pay/admin/index.php 244-289Set
$keyType=uidand$keyValueto be controllable.the
$keyValueparameter is not strictly filtered, causingSQLinjection vulnerabilities!POC
three
Wuzhicms v4.1.0 /coreframe/app/order/admin/index.php hava a SQL Injection Vulnerability
Someone has submitted a
SQLinjection vulnerability in the file/coreframe/app/order/admin/index.phpbefore (#175), but I found that in addition to the$flagparameter, it can be injected In addition, the$keyValueparameter can also be injected!Vulnerability file:
coreframe/app/order/admin/index.php 22-87Set
$fieldtype=1 and$keyValueto be controllable.the
$keyValueparameter is not strictly filtered, causingSQLinjection vulnerabilities!POC
The text was updated successfully, but these errors were encountered: