Webshell upload via SQL Injection at admin page

magicblack / maccms10

苹果cms官网,苹果cmsv10,maccmsv10,麦克cms,开源cms,内容管理系统,视频分享程序,分集剧情程序,网址导航程序,文章程序,漫画程序,图片程序

Other

2.27k stars 781 forks source link

Closed dmbs335 closed 1 year ago

dmbs335 commented 1 year ago

Vulnerability Type：SQL injection Vulnerability level：Medium risk ~ High risk Affected version：v2021.1000.1081<=v2023.1000.3051 Vulnerability location：https://github.com/magicblack/maccms10/blob/master/application/admin/controller/Database.php#L258

Login to the admin page
Although there is code that filters ' outfile' strings and check whether sql query starts with 'select' string, both of them could be easily bypassable by using multi line comment of SQL

magicblack commented 1 year ago

感谢反馈。此处为未完成功能~