taoCMS is an incredibly tiny CMS (Content Management System), written in PHP, that supports MySQL/SQLite as the database (MIT License).
Blind SQL injection exists in the Comment function of the admin.php page #24
Open
Am1azi3ng opened 2 years ago
There is blind SQL injection in "Del comment". Create a comment.
Log in to the admin backend.
Capture the request and modify the data when deleting comments.
taocms-3.0.2/admin/admin.php
taocms-3.0.2/include/Model/Article.php::del
taocms-3.0.2/include/Db/Mysql.php::delist
Tested using the SQLMap tool.
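The report points at a delete-by-id-list helper (`Mysql.php::delist`) reached from `Article.php::del`. The following is an added example, not taoCMS code and not a reconstruction of the project's actual files: it shows the general class of bug (an id list spliced into an `IN (...)` clause) beside a hardened version that allow-lists the table name, coerces every id to an integer and binds each one as a parameter. Function and table names are hypothetical; the demo runs against an in-memory SQLite database since the CMS supports SQLite as well.

```php
<?php
// Added example (not taoCMS code). Hypothetical helper names.

// Vulnerable pattern: a caller-supplied id string is interpolated into SQL,
// so anything appended to the list becomes part of the DELETE statement.
function delist_vulnerable(PDO $db, string $table, string $ids): int
{
    $stmt = $db->query("DELETE FROM `$table` WHERE id IN ($ids)");
    return $stmt->rowCount();
}

// Hardened version: fixed table allow-list, strict integer ids, bound parameters.
function delist_safe(PDO $db, string $table, array $ids): int
{
    static $allowedTables = ['comment', 'article'];
    if (!in_array($table, $allowedTables, true)) {
        throw new InvalidArgumentException('unknown table');
    }
    $clean = [];
    foreach ($ids as $id) {
        // ctype_digit rejects '', signs, spaces and any SQL fragment.
        if (!ctype_digit((string) $id)) {
            throw new InvalidArgumentException('id must be a positive integer');
        }
        $clean[] = (int) $id;
    }
    if ($clean === []) {
        return 0;
    }
    // One '?' placeholder per id; values never touch the SQL text.
    $placeholders = implode(',', array_fill(0, count($clean), '?'));
    $stmt = $db->prepare("DELETE FROM `$table` WHERE id IN ($placeholders)");
    $stmt->execute($clean);
    return $stmt->rowCount();
}

// Demo against a constructed in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comment (id INTEGER PRIMARY KEY, body TEXT)');
$db->exec("INSERT INTO comment (body) VALUES ('a'), ('b'), ('c')");

echo delist_safe($db, 'comment', ['1', '3']) . " rows deleted\n";
try {
    delist_safe($db, 'comment', ['1 OR 1=1']);   // rejected before reaching SQL
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
```

Logging the rejected input (with the authenticated admin account that sent it) gives the detection hook: a non-numeric id on a delete route is a reliable signal of tampering with the captured request.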