

Mingsoft MCMS v5.2.9 back-end SQL injection

Done
Opened this issue 2022-10-21 18:38

Quite a lot of back-end functions include sqlWhere:
<include refid="net.mingsoft.base.dao.IBaseDao.sqlWhere"></include>

Inside sqlWhere, the field column name is inserted into the SQL directly.

For example, using the conditional filter function on article content:
http://localhost:8080/ms/cms/content/list.do

Change field to an if conditional statement.
Iterating the query reads out the database user.

Suggestions
1. Apply a whitelist to all field column names.
2. Or add a filter that strips special characters and keeps only a-zA-Z and underscores.
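The two suggestions above, written out as an added example (not code from the MCMS project): column names cannot be bound as JDBC parameters, so the validator below checks the `field` value against a per-table allow-list and a letters-and-underscore pattern before it is concatenated into the WHERE fragment. The class, table and column names are assumptions constructed for the example.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

/** Hypothetical validator for field names fed into a dynamic WHERE fragment. */
public final class SqlWhereFieldValidator {

    // Suggestion 1: only columns from a fixed allow-list may be used as field names.
    // The table-to-column mapping is constructed for this example.
    private static final Map<String, Set<String>> ALLOWED_COLUMNS = Map.of(
        "cms_content", Set.of("content_id", "content_title", "content_datetime", "content_type"));

    // Suggestion 2: letters and underscores only. Parentheses, commas, quotes and
    // spaces are rejected, so no expression can be passed off as a column name.
    private static final Pattern IDENTIFIER = Pattern.compile("^[A-Za-z_]+$");

    private SqlWhereFieldValidator() {}

    /** Returns the field unchanged if it is permitted for the table, otherwise throws. */
    public static String requireAllowedField(String table, String field) {
        if (field == null || !IDENTIFIER.matcher(field).matches()) {
            throw new IllegalArgumentException("invalid field name: " + field);
        }
        Set<String> columns = ALLOWED_COLUMNS.get(table);
        if (columns == null || !columns.contains(field)) {
            throw new IllegalArgumentException("field not permitted for " + table + ": " + field);
        }
        return field;
    }

    /** Builds "col1 = ? AND col2 = ?" from validated fields; values stay JDBC parameters. */
    public static String buildWhere(String table, List<String> fields) {
        return fields.stream()
            .map(f -> requireAllowedField(table, f) + " = ?")
            .collect(Collectors.joining(" AND "));
    }

    public static void main(String[] args) {
        System.out.println(buildWhere("cms_content", List.of("content_title", "content_type")));
        // Constructed input modelled on the report: an expression in place of a column name.
        try {
            buildWhere("cms_content", List.of("if(1=1,content_title,content_id)"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```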


melodyzxb created the task
melodyzxb changed description
melodyzxb changed description
铭飞 changed issue state from To do to In progress
铭飞 changed issue state from In progress to Done
铭飞 set milestone to 5.2.10

https://gitee.com/mingSoft/MCMS.git