WBCE / WBCE_CMS

Core package of WBCE CMS. This package includes the core and the default addons. Visit https://wbce.org (DE) or https://wbce-cms.org (EN) to learn more or to join the WBCE CMS community.
GNU General Public License v2.0

SQL injection account/confirm.php id parameter exists time blind injection #527

Status: Closed (closed by wanan0red 1 year ago)

wanan0red commented 1 year ago

SQL injection account/confirm.php id parameter exists time blind injection

PoC:

http://stu/account/confirm.php?id=12345678901234567890123456789012'+or+sleep(5)%23

Final SQL statement: [screenshot image-20230121023006473 not included]

Repair plan: framework/Accounts.php#userIdFromConfirmcode() [screenshot image-20230121023335610 not included]
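The defect class this report describes, as an added illustration in PHP that is not WBCE's code and does not reproduce the patched userIdFromConfirmcode(): a lookup that splices the request parameter into the SQL text, beside one that validates the token format and binds the value. It assumes PDO with the SQLite driver available; the table and column names and the 32-hex-character token format are placeholders.

```php
<?php
// Added illustration, not WBCE's code. Table/column names and the token
// format are assumptions standing in for the real schema.

// Vulnerable shape: the request value is spliced into the SQL text, so a
// quote in the value ends the literal and the remainder runs as SQL. The
// report's PoC exploits exactly this: the injected condition makes the
// database sleep, and the response delay reveals that the injection worked.
function userIdFromConfirmcodeVulnerable(PDO $db, string $code): ?int
{
    $sql = "SELECT user_id FROM mod_users WHERE confirm_code = '" . $code . "'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? (int) $row['user_id'] : null;
}

// Hardened shape: reject anything that is not a well-formed token before
// touching the database, and bind the value so it can only ever be data.
function userIdFromConfirmcodeSafe(PDO $db, string $code): ?int
{
    // Assumed token format: exactly 32 hex characters. Adjust to whatever the
    // real confirmation-code generator emits.
    if (!preg_match('/^[a-f0-9]{32}$/i', $code)) {
        return null;
    }
    $stmt = $db->prepare(
        'SELECT user_id FROM mod_users WHERE confirm_code = :code LIMIT 1'
    );
    $stmt->execute([':code' => $code]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? (int) $row['user_id'] : null;
}

// Demonstration against an in-memory SQLite database with constructed data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mod_users (user_id INTEGER, confirm_code TEXT)');
$db->exec("INSERT INTO mod_users VALUES (7, '0123456789abcdef0123456789abcdef')");

// A genuine token resolves to the user; the decoded PoC string from the
// report never reaches the query because the format check rejects it.
$pocShape = str_repeat('1', 32) . "' or sleep(5)#";
var_dump(userIdFromConfirmcodeSafe($db, '0123456789abcdef0123456789abcdef'));
var_dump(userIdFromConfirmcodeSafe($db, $pocShape));
```

The format check is the cheap first line of defence; the prepared statement is the one that holds even when the token format changes, so keep both.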

instantflorian commented 1 year ago

Thank you very much for reporting the issue and providing a fix. Confirmed and fixed with 69736d3d55c9171dca21412480aa2e4f11b4bf62