jflyfox / jfinal_cms

jfinal cms is a feature-rich information and consulting website built in Java. It uses the lightweight but powerful JFinal web framework, the beetl template engine, a MySQL database, and Bootstrap on the front end. It supports OAuth2 authentication, account registration, password encryption, comments and replies, message notifications, site visit statistics, per-article comment and view counts, reply management, and permission management. The admin backend includes: folder (section) management, folder notices, folder rolling pictures, article management, reply management, feedback, my albums, album management, image management, collection management, video management, cache refresh, friendly links, visit statistics, contact management, template management, organization management, user management, role management, menu management, and data dictionary management.
http://mtg.jflyfox.com/
Apache License 2.0

Some SQL injection vulnerabilities exists in JFinal CMS 5.1.0 #51

Open So4ms opened 2 years ago

So4ms commented 2 years ago

Administrator login is required. The default account and password are admin:admin123

admin/article/list

There is a SQLi vulnerability in background mode. The route is as follows:

[screenshot: image-20220809171242344]

Vulnerable argument passing is as follows:

[screenshot: image-20220809171314338]

Successful injection at route admin/article/list:

[screenshot: image-20220809171414154]

admin/article/list_approve

There is a SQLi vulnerability in background mode. The route is as follows:

[screenshot: image-20220809171803284]

Vulnerable argument passing is as follows:

[screenshot: image-20220809171314338]

Successfully injected at route admin/article/list_approve:

[screenshot: image-20220809171856633]

admin/comment

There is a SQLi vulnerability in background mode. The route is as follows:

[screenshot: image-20220809172139669]

Vulnerable argument passing is as follows:

[screenshot: image-20220809171314338]

Successfully injected at route admin/comment/list:

[screenshot: image-20220809172210795]

admin/contact/list

There is a SQLi vulnerability in background mode. The route is as follows:

[screenshot: image-20220809172322680]

Vulnerable argument passing is as follows:

[screenshot: image-20220809171314338]

Successfully injected at route admin/contact/list:

[screenshot: image-20220809172310037]

admin/foldernotice/list

There is a SQLi vulnerability in background mode. The route is as follows:

[screenshot: image-20220809172537960]

Vulnerable argument passing is as follows:

[screenshot: image-20220809171314338]

Successfully injected at route admin/foldernotice/list:

[screenshot: image-20220809172749368]

admin/folderrollpicture/list

There is a SQLi vulnerability in background mode. The route is as follows:

[screenshot: image-20220809172848024]

Vulnerable argument passing is as follows:

[screenshot: image-20220809171314338]

Successfully injected at route admin/folderrollpicture/list:

[screenshot: image-20220809172859284]

admin/friendlylink/list

There is a SQLi vulnerability in background mode. The route is as follows:

[screenshot: image-20220809172925523]

Vulnerable argument passing is as follows:

[screenshot: image-20220809171314338]

Successfully injected at route admin/friendlylink/list:

[screenshot: image-20220809172951451]

admin/imagealbum/list

There is a SQLi vulnerability in background mode. The route is as follows:

[screenshot: image-20220809173144022]

Vulnerable argument passing is as follows:

[screenshot: image-20220809171314338]

Successfully injected at route admin/imagealbum/list:

[screenshot: image-20220809173200483]

admin/image/list

There is a SQLi vulnerability in background mode. The route is as follows:

[screenshot: image-20220809173242795]

Vulnerable argument passing is as follows:

[screenshot: image-20220809171314338]

Successfully injected at route admin/image/list:

[screenshot: image-20220809173310304]

admin/site/list

There is a SQLi vulnerability in background mode. The route is as follows:

[screenshot: image-20220809173621504]

Vulnerable argument passing is as follows:

[screenshot: image-20220809171314338]

Successfully injected at route admin/site/list:

[screenshot: image-20220809173635288]
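The report above describes the same defect in every admin list route: a request parameter reaches the SQL text by string concatenation. As an added illustration (not code from the jfinal_cms project or from the reporter), the following hypothetical JFinal controller shows that unsafe pattern next to a hardened version that uses JFinal's `?` bind parameters and an allowlist for the one value that cannot be bound, the `ORDER BY` column. The class name, action names, the `article_example` table and its column names are assumptions; `Controller.getPara`, `getParaToInt`, `Db.paginate` and `renderJson` are real JFinal APIs.

```java
// Added example, not jfinal_cms code. Demonstrates the vulnerable pattern the
// issue describes (parameter spliced into SQL) beside a parameterized fix.
// Table and column names (article_example, title, create_time, ...) are assumed.
import com.jfinal.core.Controller;
import com.jfinal.plugin.activerecord.Db;
import com.jfinal.plugin.activerecord.Page;
import com.jfinal.plugin.activerecord.Record;
import java.util.Set;

public class ArticleListExampleController extends Controller {

    // UNSAFE: the filter value and the sort column are concatenated directly
    // into the SQL text, so whatever the admin-side request sends becomes SQL.
    public void listUnsafe() {
        String title = getPara("title", "");
        String orderBy = getPara("orderBy", "create_time");
        int pageNo = getParaToInt("page", 1);

        String sqlExceptSelect = "from article_example where title like '%" + title
                + "%' order by " + orderBy;
        Page<Record> page = Db.paginate(pageNo, 20, "select *", sqlExceptSelect);
        renderJson(page);
    }

    // Only these column names may ever appear after ORDER BY (hypothetical list).
    private static final Set<String> SORTABLE_COLUMNS =
            Set.of("create_time", "title", "view_count");

    // HARDENED: data values travel as bind parameters (JFinal passes them to
    // JDBC PreparedStatement), and the identifier is checked against an
    // allowlist because identifiers cannot be bound as parameters.
    public void listSafe() {
        String title = getPara("title", "");
        String orderBy = getPara("orderBy", "create_time");
        int pageNo = getParaToInt("page", 1);

        if (!SORTABLE_COLUMNS.contains(orderBy)) {
            orderBy = "create_time";   // reject anything not on the allowlist
        }

        String sqlExceptSelect = "from article_example where title like ? order by " + orderBy;
        // The wildcard is added to the *value*, never to the SQL string.
        Page<Record> page = Db.paginate(pageNo, 20, "select *", sqlExceptSelect,
                "%" + title + "%");
        renderJson(page);
    }
}
```

When auditing the routes listed in this issue, the check is mechanical: every `getPara`/`getParaToInt` value that ends up in a `Db.find`, `Db.paginate` or model query must either be passed in the `Object... paras` varargs or, for column and table identifiers, be matched against a fixed allowlist before it touches the SQL string. `Set.of` needs Java 9 or later; on older runtimes build the set with `new HashSet<>(Arrays.asList(...))`.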