Zen Tao 16.5 router.class.php SQL injection vulnerability
Vulnerability Description
Zen Tao 16.5 has a SQL injection vulnerability in the router.class.php file. An attacker can obtain sensitive database information through the vulnerability, endangering the security of the server.
Vulnerability Impact
Zen Tao 16.5
Network surveying and mapping
Vulnerability Reproduction
Login page
Between versions 16.5 and 16.5.1, the framework/base/router.class.php file was updated: the account parameter now goes through the quote method to filter SQL statements.
This method mainly escapes field values, so it can be inferred that SQL injection exists in version 16.5. The injection can then be traced, debugged and tested.
The verification PoC is as follows. Stacked-query injection also exists, so the administrator password can be modified through SQL statements, among other things.
POST /user-login.html
account=admin%27+and+%28select+extractvalue%281%2Cconcat%280x7e%2C%28select+user%28%29%29%2C0x7e%29%29%29%23
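A detection check for the request shown above, as an added example that is not part of the original post or of Zen Tao's code: it decodes the account field of a login POST and reports which injection markers it carries. The function name, the allowed-character rule for account names and the benign sample request are assumptions made for this example.

```python
import re
from urllib.parse import parse_qs

# Assumption: legitimate account names only use these characters.
ACCOUNT_OK = re.compile(r"^[A-Za-z0-9_.@-]{1,64}$")

# Markers present in the PoC on this page, plus the statement separator
# that stacked queries depend on.
SQLI_SIGNS = {
    "quote": re.compile(r"['\"`]"),
    "comment": re.compile(r"#|--|/\*"),
    "stacked_query": re.compile(r";"),
    "error_based_function": re.compile(r"\b(extractvalue|updatexml)\s*\(", re.I),
    "subquery": re.compile(r"\(\s*select\b", re.I),
}

# Request body copied from the PoC above.
POC_BODY = ("account=admin%27+and+%28select+extractvalue%281%2Cconcat%280x7e"
            "%2C%28select+user%28%29%29%2C0x7e%29%29%29%23")


def inspect_login(method, path, body):
    """Return a sorted list of reasons the login request looks like SQL injection."""
    if method.upper() != "POST" or not path.split("?")[0].endswith("/user-login.html"):
        return []
    # parse_qs URL-decodes the form fields (%27 -> ', + -> space).
    fields = parse_qs(body, keep_blank_values=True)
    reasons = set()
    for value in fields.get("account", []):
        if ACCOUNT_OK.match(value):
            continue  # plain account name, nothing to report
        reasons.add("unexpected_characters")
        for name, pattern in SQLI_SIGNS.items():
            if pattern.search(value):
                reasons.add(name)
    return sorted(reasons)


if __name__ == "__main__":
    # Constructed sample traffic: the PoC body and an ordinary login.
    samples = [
        ("POST", "/user-login.html", POC_BODY),
        ("POST", "/user-login.html", "account=admin&password=constructed"),
    ]
    for method, path, body in samples:
        print(method, path, inspect_login(method, path, body) or "clean")
```

A check like this fits log review or a WAF rule as a stopgap; the fix the page describes is the 16.5.1 change that passes account through the quote method.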
This post is licensed under CC BY 4.0 by the author.