Some SQL injection vulnerabilities exist in JFinal CMS 5.1.0 #51

Open
So4ms opened this issue Aug 9, 2022 · 0 comments
So4ms commented Aug 9, 2022

Administrator login is required. The default account password is admin:admin123

admin/article/list

There is a SQLi vulnerability in background mode. The route is as follows:

image-20220809171242344

The vulnerable argument passing is as follows:

image-20220809171314338

Successful injection at route admin/article/list

image-20220809171414154

admin/article/list_approve

There is a SQLi vulnerability in background mode. The route is as follows:

image-20220809171803284

The vulnerable argument passing is as follows:

image-20220809171314338

Successfully injected at route admin/article/list_approve

image-20220809171856633

admin/comment

There is a SQLi vulnerability in background mode. The route is as follows:

image-20220809172139669

The vulnerable argument passing is as follows:

image-20220809171314338

Successfully injected at route admin/comment/list

image-20220809172210795

admin/contact/list

There is a SQLi vulnerability in background mode. The route is as follows:

image-20220809172322680

The vulnerable argument passing is as follows:

image-20220809171314338

Successfully injected at route admin/contact/list

image-20220809172310037

admin/foldernotice/list

There is a SQLi vulnerability in background mode. The route is as follows:

image-20220809172537960

The vulnerable argument passing is as follows:

image-20220809171314338

Successfully injected at route admin/foldernotice/list

image-20220809172749368

admin/folderrollpicture/list

There is a SQLi vulnerability in background mode. The route is as follows:

image-20220809172848024

The vulnerable argument passing is as follows:

image-20220809171314338

Successfully injected at route admin/folderrollpicture/list

image-20220809172859284

admin/friendlylink/list

There is a SQLi vulnerability in background mode. The route is as follows:

image-20220809172925523

The vulnerable argument passing is as follows:

image-20220809171314338

Successfully injected at route admin/friendlylink/list

image-20220809172951451

admin/imagealbum/list

There is a SQLi vulnerability in background mode. The route is as follows:

image-20220809173144022

The vulnerable argument passing is as follows:

image-20220809171314338

Successfully injected at route admin/imagealbum/list

image-20220809173200483

admin/image/list

There is a SQLi vulnerability in background mode. The route is as follows:

image-20220809173242795

The vulnerable argument passing is as follows:

image-20220809171314338

Successfully injected at route admin/image/list

image-20220809173310304

admin/site/list

There is a SQLi vulnerability in background mode. The route is as follows:

image-20220809173621504

The vulnerable argument passing is as follows:

image-20220809171314338

Successfully injected at route admin/site/list

image-20220809173635288
