arterli / CmsWing

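A powerful e-commerce platform and CMS site-building system (PC, mobile and WeChat official account platform) based on Egg.js (built for enterprise-grade frameworks and applications), Sequelize and GraphQL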
http://www.cmswing.com
Other
1.35k stars 451 forks source link

SQLi vulnerability in Cmswing v1.3.7 #55

Open Jason1314Zhang opened 2 years ago

Jason1314Zhang commented 2 years ago

Found a SQLi vulnerability in cmswing project version 1.3.7. Details can be found in the analysis below.

Local Test

1. Enter the background of the system, select the update_channel module, then edit it.

2. Change behavior rule: table:member|field:score|condition:id=${self} AND (select if(substr(version(),1)>0,sleep(5),1))|rule:1

3. Enter [System settings] - [Navigation settings], change a navigation.

4. Change anything, then save it. We can find the SQLi vulnerability.

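A mitigation sketch for the report above, added here as an example and not taken from the CmsWing code base or from the reporter: it validates a behavior rule string in the `table:…|field:…|condition:…|rule:…` format before any part of it can reach a query. The function names `parseBehaviorRule` and `toWhereClause`, the allowed condition grammar (`<column>=<integer>` or `<column>=${self}`), and the assumption that the condition ends up in a SQL WHERE clause are all assumptions of this example.

```javascript
// Identifiers cannot be bound as parameters, so their shape is allow-listed.
const IDENT = /^[A-Za-z_][A-Za-z0-9_]*$/;
// Accept only "<column>=<integer>" or "<column>=${self}" as a condition.
const CONDITION = /^([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(\$\{self\}|\d+)$/;
const REQUIRED = ['table', 'field', 'condition', 'rule'];

function parseBehaviorRule(rule) {
  const parts = new Map();
  for (const segment of String(rule).split('|')) {
    const idx = segment.indexOf(':');
    if (idx < 1) throw new Error('malformed segment');
    const key = segment.slice(0, idx).trim();
    if (!REQUIRED.includes(key) || parts.has(key)) {
      throw new Error('unexpected or duplicate key: ' + key);
    }
    parts.set(key, segment.slice(idx + 1).trim());
  }
  for (const key of REQUIRED) if (!parts.has(key)) throw new Error('missing key: ' + key);
  for (const key of ['table', 'field']) {
    if (!IDENT.test(parts.get(key))) throw new Error('invalid ' + key);
  }
  if (!/^-?\d+$/.test(parts.get('rule'))) throw new Error('invalid rule');
  const m = CONDITION.exec(parts.get('condition'));
  if (!m) throw new Error('condition not in allowed form');
  return {
    table: parts.get('table'),
    field: parts.get('field'),
    rule: Number(parts.get('rule')),
    column: m[1],
    value: m[2], // '${self}' or a digit string, resolved at query time
  };
}

// Turn the validated condition into a WHERE fragment with a bound value.
function toWhereClause(parsed, selfId) {
  if (!Number.isSafeInteger(selfId)) throw new Error('selfId must be an integer');
  const value = parsed.value === '${self}' ? selfId : Number(parsed.value);
  return { sql: '`' + parsed.column + '` = ?', params: [value] };
}

// Constructed sample input: a well-formed rule and a tampered condition.
const ok = parseBehaviorRule('table:member|field:score|condition:id=${self}|rule:1');
console.log(toWhereClause(ok, 42));
try {
  parseBehaviorRule('table:member|field:score|condition:id=${self} OR 1=1|rule:1');
} catch (e) {
  console.log('rejected:', e.message);
}
```

The returned fragment is meant to be passed to the database driver together with `params`, so the user id is bound rather than concatenated.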