Headline
CVE-2022-2726: semcms/README.md at main · G0mini/semcms
A vulnerability classified as critical has been found in SEMCMS. This affects an unknown part of the file Ant_Check.php. The manipulation of the argument DID leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205839.
semcms -- SQL injection exists
View protection mechanism
Ant_Check.php: only GET protection is provided here, along with a list of blocked characters.
Well, the idea is obvious: either bypass the filter or look for $_POST and $_REQUEST.
SQL injection
A global search for $_POST finds ant_Response.php. The page contains a did parameter.
See which page calls ant_Response.php.
ant_Inc.php calls it. Continue by checking what calls ant_Inc.php.
ant_Banner.php calls ant_Inc.php.
The did parameter is used when deleting.
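The audit steps above (see which inputs the filter inspects, search for other input sources, walk the include chain back to a page) can be scripted as a coverage check for code review. This is an added example, not code from the SEMCMS repository or the original write-up; the file names and PHP snippets in `SAMPLE_TREE` are constructed stand-ins for the four files mentioned.

```python
import re

SUPERGLOBAL = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\s*\(?\s*['\"]([^'\"]+)['\"]")

# Constructed stand-ins for the four files in the write-up (not SEMCMS source).
SAMPLE_TREE = {
    "check.php": "<?php foreach ($_GET as $k => $v) { reject_if_blocked($v); }",
    "response.php": "<?php if ($_POST['action'] == 'del') { delete_rows($_POST['did']); }",
    "inc.php": "<?php include_once 'check.php'; include_once 'response.php';",
    "banner.php": "<?php include_once 'inc.php'; show_banner_list();",
}

def superglobals_read(src):
    """Names of the request superglobals a PHP source text touches."""
    return set(SUPERGLOBAL.findall(src))

def uncovered_inputs(tree, filter_file):
    """Map each file to the superglobals it reads that the filter never inspects."""
    covered = superglobals_read(tree[filter_file])
    gaps = {}
    for name, src in tree.items():
        if name == filter_file:
            continue
        missing = superglobals_read(src) - covered
        if missing:
            gaps[name] = sorted(missing)
    return gaps

def entry_points(tree, target):
    """Files that pull in `target` directly or through a chain of includes."""
    reached, frontier = set(), {target}
    while frontier:
        current = frontier.pop()
        for name, src in tree.items():
            if current in INCLUDE.findall(src) and name not in reached:
                reached.add(name)
                frontier.add(name)
    return sorted(reached)

if __name__ == "__main__":
    for name, missing in uncovered_inputs(SAMPLE_TREE, "check.php").items():
        print(name, "reads unfiltered", missing,
              "reachable via", entry_points(SAMPLE_TREE, name))
```

Any file this reports needs its own input validation and parameterized queries, since the shared filter never sees the data it reads.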
Verification
Although it is in the background, I can delete cookies.