Dahan (大汉) JCMS injection vulnerability

Published: 2025-04-13
Revised: 2025-04-13

### Brief description:

Injection vulnerability in Dahan JCMS.

### Details:

jcms.blf.user.CatalogBlf.class

```
public boolean doDelete(String strId) {
    boolean flag = false;
    // strId is concatenated into the SQL text without any filtering
    String strSql = "SELECT i_id FROM wap_cataloginfo WHERE i_parentid IN(" + strId + ") OR i_id IN(" + strId + ")";
    String[][] arrAnswer = Manager.doQuery(this.strAppID, strSql);
    if (arrAnswer != null) {
        StringBuffer sbId = new StringBuffer(arrAnswer.length * 2);
        for (int i = 0; i < arrAnswer.length; i++) {
            sbId.append(arrAnswer[i][0]);
            sbId.append(",");
        }
        // ... (excerpt ends here)
```

Calling file: m_5_d/opr_wap_col.jsp

```
} else if ("D".equals(strBillStatus)) {
    boolean flag = false;
    // strid is read directly from the HTTP request
    String strid = Convert.getParameter(request, "strid");
    StringBuffer sbScript = new StringBuffer();
    flag = catalogblf.doDelete(strid); // a clear-cut injection vulnerability
    if (flag) {
        String[] arrid = strid.split(",");
        for (int i = 0; i < arrid.length; i++)
        // ... (excerpt ends here)
```

### Proof of vulnerability:

Opening www.sihong.gov.cn/jcms/m_5_d/opr_wap_col.jsp?strid=122222222&fn_billstatus=D returns in normal time.

Opening http://www.sihong.gov.cn/jcms/m_5_d/opr_wap_col.jsp?strid=122222222);WAITFOR...
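A hardened form of the `doDelete` lookup shown above, as an added example that is not JCMS code: `strid` is accepted only as a comma-separated list of integers, and each id is bound as a parameter instead of being concatenated into the SQL text. It assumes plain JDBC is available (the page's `Manager.doQuery` only takes a finished SQL string); `SafeCatalogIds`, `parseIds`, `lookupSql` and `prepareLookup` are hypothetical names.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.regex.Pattern;

// Added example, not JCMS code. SafeCatalogIds and its methods are hypothetical names.
public class SafeCatalogIds {
    // Accept only comma-separated decimal ids, e.g. "12,34,56" (9 digits max fits in an int).
    private static final Pattern ID_LIST = Pattern.compile("\\d{1,9}(,\\d{1,9})*");

    /** Parses strid into integers; rejects anything that is not a pure id list. */
    static List<Integer> parseIds(String strId) {
        if (strId == null || !ID_LIST.matcher(strId).matches()) {
            throw new IllegalArgumentException("strid must be comma-separated integers");
        }
        List<Integer> ids = new ArrayList<>();
        for (String part : strId.split(",")) {
            ids.add(Integer.valueOf(part));
        }
        return ids;
    }

    /** Builds the lookup from doDelete with one '?' per id instead of concatenation. */
    static String lookupSql(int n) {
        String marks = String.join(",", Collections.nCopies(n, "?"));
        return "SELECT i_id FROM wap_cataloginfo WHERE i_parentid IN(" + marks + ") OR i_id IN(" + marks + ")";
    }

    /** Binds every id twice: once for each IN list. Assumes a JDBC Connection. */
    static PreparedStatement prepareLookup(Connection con, List<Integer> ids) throws SQLException {
        PreparedStatement ps = con.prepareStatement(lookupSql(ids.size()));
        for (int i = 0; i < ids.size(); i++) {
            ps.setInt(i + 1, ids.get(i));
            ps.setInt(ids.size() + i + 1, ids.get(i));
        }
        return ps;
    }
    public static void main(String[] args) {
        // Constructed inputs: a valid id list, then a value carrying extra SQL syntax.
        System.out.println(lookupSql(parseIds("12,34").size()));
        try {
            parseIds("122222222);");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same validation belongs in `opr_wap_col.jsp` before `strid.split(",")`, so a rejected value never reaches either the query or the per-id loop.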
