BoYun PHPCMS: SQL injection vulnerability in application/update/controller/Server.php

BUG_Author: YELEIPENG

Affected version: ≤1.4.20

Vendor: https://www.boyunweb.cn/

Software: https://www.boyunweb.cn/pc/index57/index/classid/26/id/42.html

Vulnerability File: /application/update/controller/Server.php

Description:

1. We first have to decode application/update/controller/Server.php.


It looks like the phone parameter is passed directly into the SQL query.

It may be legacy test code that was never deleted.

2. We can now use sqlmap to test it.

sqlmap -u "http://byphpcms1.lab.wetolink.com/update/server/check_date?sn=1"
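
The pattern described in step 1 (a request parameter placed directly into the SQL text) next to a parameterized form, as an added example that is not BoYun PHPCMS code; the original source is not reproduced on this page. The table, column and function names are hypothetical, the data is constructed, and PHP with the pdo_sqlite extension is assumed.

```php
<?php
declare(strict_types=1);
// Added example, not BoYun PHPCMS code. All names below are hypothetical.

// Constructed in-memory data standing in for the application's database.
function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE license (phone TEXT, expires TEXT)');
    $db->exec("INSERT INTO license VALUES ('13800000000', '2030-01-01'),
                                          ('13900000000', '2031-06-30')");
    return $db;
}

// Pattern described in the text: the request value becomes part of the SQL text.
function check_date_unsafe(PDO $db, string $phone): array
{
    $sql = "SELECT expires FROM license WHERE phone = '" . $phone . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: validate the expected shape, then bind the value as data.
function check_date_safe(PDO $db, string $phone): array
{
    if (preg_match('/\A\d{5,15}\z/', $phone) !== 1) {
        return [];  // reject anything that is not a plain digit string
    }
    $stmt = $db->prepare('SELECT expires FROM license WHERE phone = :phone');
    $stmt->execute([':phone' => $phone]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = demo_db();
// Constructed inputs: a normal value and one that alters the concatenated query.
$inputs = ['13800000000', "x' OR '1'='1"];
foreach ($inputs as $in) {
    printf("%-16s unsafe=%d row(s)  safe=%d row(s)\n", $in,
        count(check_date_unsafe($db, $in)), count(check_date_safe($db, $in)));
}
```

The bound placeholder is the actual fix; the format check only narrows what reaches the query.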