taogogo / taocms

taoCMS is an incredibly tiny CMS (Content Management System), written in PHP, that supports MySQL/SQLite as the database (MIT License)

There is a SQL blind injection at "Article search" (Column administrator authority) #5

Closed (ddddbhm closed 3 years ago)

ddddbhm commented 3 years ago

First, we enter the background and use the column administrator admin1 we created:

[Image: 1]

We click in order and grab packets:

[Image: 2]

[Image: 3]

There is a SQL blind injection vulnerability in the location of name:

[Image: 4]

[Image: 5]

POC: /admin/admin.php?name=s%"+and+"sca%"="&cat=0&status=&action=cms&ctrl=lists&submit=%E6%9F%A5%E8%AF%A2

taogogo commented 3 years ago

3.0.1 fixed, thanks for your contribution
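
An added example, not taoCMS code and not the 3.0.1 fix: judging from the shape of the PoC, it assumes the search pastes "name" into a double-quoted LIKE pattern, and shows the SQL that results beside a PDO bound-parameter version of the same search. The "cms" table, the sample rows and all function names are hypothetical.

```php
<?php
// Added example: table, column and function names are hypothetical, not taoCMS code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cms (id INTEGER PRIMARY KEY, name TEXT)');
// Constructed sample rows.
$db->exec("INSERT INTO cms (name) VALUES ('scan report'), ('release notes'), ('100% uptime')");

// The "name" value from the PoC in the report, URL-decoded ("+" is a space).
$poc = 's%" and "sca%"="';

// Assumed vulnerable shape: the request value is pasted inside a quoted LIKE
// pattern. The SQL is only built here, never executed.
function buildUnsafeSql(string $name): string
{
    return 'SELECT id, name FROM cms WHERE name LIKE "%' . $name . '%"';
}

// Neutralise LIKE wildcards so "%" and "_" in user input match literally.
// "!" is the escape character; strtr replaces in one pass, so the "!" it
// inserts are not escaped a second time.
function escapeLike(string $s): string
{
    return strtr($s, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

// Hardened search: the value travels as a bound parameter, so quotes in it
// can never close the string literal or add predicates.
function searchArticles(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT id, name FROM cms WHERE name LIKE :pat ESCAPE '!'");
    $stmt->execute([':pat' => '%' . escapeLike($name) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN, 1);
}

// The first quote in the payload ends the pattern; the rest becomes SQL.
echo buildUnsafeSql($poc), PHP_EOL;

// Same input through the bound query: treated as plain text to search for.
echo json_encode(searchArticles($db, $poc)), PHP_EOL;
echo json_encode(searchArticles($db, 'sca')), PHP_EOL;
echo json_encode(searchArticles($db, '%')), PHP_EOL;
```

The first printed line shows the payload's quote closing the LIKE pattern and appending a predicate; the bound version returns no rows for the same input because the whole value is matched as literal text.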