DuomiCms X1.0 variable coverage vulnerability reappears

Enterprise 2023-09-30 12:31:42 views: null

1.Cause of vulnerability

The vulnerability lies in line 52 of /domiphp/common.php

The above code processes the user's get, post, and cookie parameters, using the above parameter names as variable names and parameter values as variable values. This leads to a possible variable coverage vulnerability (the function on the right is to escape double quotes and single quotes)

2. Exploiting vulnerabilities

Try to customize the session

First, insert the stub to view the administrator session

Find some pages that reference vulnerable files

for example

/interface/comment.php

Construct poc:

?_SESSION[duomi_ckstr]=jcfe&_SESSION[duomi_admin_id]=1&_SESSION[duomi_group_id]=1&_SESSION[duomi_admin_name]=admin

Successfully log in to the backend after visiting

Guess you like

Origin blog.csdn.net/weixin_51681694/article/details/130312289

DuomiCms X1.0 variable coverage vulnerability reappears

[Vulnerability] DuomiCMS_3.0 practice -Day14 variable coverage holes caused by command execution

Variable coverage vulnerability and download vulnerability

YxtCMF SQL injection vulnerability reappears

Fastjson 1.2.24 deserialization vulnerability reappears

JBoss 5.x/6.x deserialization vulnerability reappears (CVE-2017-12149)

CVE-2021-45232 vulnerability reappears

Hongfan OA SQL injection vulnerability reappears

Wechat 0day vulnerability reappears

phpMyAdmin 4.8.1 local file inclusion vulnerability reappears

Weblogic (weak_password) vulnerability reappears

springboot unauthorized vulnerability (vulnerability reappears Springboot unauthorized access and repair)

-Extract variable code audit coverage

Fastjson remote code execution (CNVD-2019-22238) vulnerability reappears

CVE-2022-24112 Apache APISIX Command Execution Vulnerability Reappears

Nftables stack overflow vulnerability (CVE-2022-1015) reappears

【CVE-2020-13935】Tomcat denial of service vulnerability reappears

CVE-2022-0847 DirtyPipe Privilege Escalation Vulnerability Reappears

CVE-2017-7921 Hikvision camera vulnerability reappears

CVE-2020-27986 (SonarQube sensitive information disclosure) vulnerability reappears

Windows 10-CVE-2020-0796 Vulnerability Reappears

COSCO Kirin Fortress Machine SQL Injection Vulnerability Reappears

Zhiyuan OA M1-Server RCE Vulnerability Reappears

Sangfor data center management system XXE vulnerability reappears

Vulnerability in file upload of Yisi Intelligent Logistics unattended system reappears

Hikvision iVMS integrated security system arbitrary file upload vulnerability reappears

[Nacos unauthorized access vulnerability (CVE-2021-29441) reappears]

ActiveMQ Jolokia code execution vulnerability (CVE-2022-41678) reappears

Apache Log4j2 RCE vulnerability reappears

DuomiCms X1.0 变量覆盖漏洞复现

Recommended

Apache Doris version 2.0.10 is officially released!

Open Source Daily | Big models go to war; big model unicorns are revealed to be selling themselves; Zhou Hongyi suggests that Google open source all its products; the largest open source AI community provides $10 million to share GPUs

Ranking

JS inheritance and monitoring

[ProblemSolving][Ubuntu][LyX] The selected document class ... requires external files that are not available...

Java threads sharing static variable

balancap/SSD-Tensorflow使用及训练预测自己的数据集

Detailed core ES6

JS --- reverse traversal achieved Array array, the array is connected string

How to Uninstall (or Reinstall) Windows 10’s Ubuntu Bash Shell

Linux modify the hostname method

Charging Specification BC v1.2

node的性能和java对比分析

Daily

2024-05-17(6)

2024-05-16(23)

2024-05-15(5)

2024-05-14(9)

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)