admin/Penetration_Testing_POC
1
0
Fork 0
mirror of https://github.com/Mr-xn/Penetration_Testing_POC.git synced 2025-06-21 10:21:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

add CVE-2019-16309 FlameCMS 3.3.5 后台登录处存在sql注入漏洞

Browse Source
This commit is contained in:
mr-xn 2019-09-17 21:29:25 +08:00
parent 5f0cbdbcb0
commit 9e5418396c
1 changed files with 39 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
CVE-2019-16309 FlameCMS 3.3.5 后台登录处存在sql注入漏洞.md Normal file
View File

@ -0,0 +1,39 @@
## 前言
CVE-2019-16309 FlameCMS 3.3.5 后台登录处存在sql注入漏洞
## 漏洞简介
Ethan发现FlameCMS 3.3.5 后台登录处存在sql注入漏洞
## 漏洞危害
后台登录处存在sql注入漏洞可以通过`sqlmap`直接跑出所有表
## 影响范围
### 产品
> FlameCMS
### 版本
> FlameCMS 3.3.5 版本
### 组件
> FlameCMS
## 漏洞复现
访问后台登陆处抓包`http://127.0.0.1:8888/FlameCMS-master/account/login.php`
![](img/27.png)
然后把抓取的post包放进sqlmap跑成功使用盲注跑出
![](img/28.png)
![](img/29.png)
![](img/30.png)