
SQL blind annotation exists in admin.php page of Comment function

Open Am1azi3ng opened this issue 3 years ago • 0 comments

There is SQL blind injection at Del comment

Create a comment

Log on to the background

Grab packets and modify data when deleting comments

taocms-3.0.2/admin/admin.php


taocms-3.0.2/include/Model/Article.php::del


taocms-3.0.2/include/Db/Mysql.php::delist


Test using the SQLMap tool


Am1azi3ng, Jan 17 '22 09:01