CVE-2017-17731 PoC — Desdev DedeCMS SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-17731.yaml

Associated Vulnerability

Title:Desdev DedeCMS SQL注入漏洞 (CVE-2017-17731)
Description:Desdev DedeCMS（织梦内容管理系统）是中国卓卓网络（Desdev）科技有限公司的一套开源的集内容发布、编辑、管理检索等于一体的PHP网站内容管理系统（CMS）。 Desdev DedeCMS 5.7及之前的版本中存在SQL注入漏洞。远程攻击者可利用该漏洞执行SQL命令。

Description

DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.

File Snapshot


 id: CVE-2017-17731

info:
  name: DedeCMS 5.7 - SQL Injection
  author: j4vaovo
  severity: critical

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!