Skip to content

Instantly share code, notes, and snippets.

@LioTree
LioTree / CVE-2024-33445.md
Last active April 28, 2024 09:10
Code injection vulnerability in hisiphp
@LioTree
LioTree / CVE-2024-33444.md
Last active April 28, 2024 09:09
SQLi vulnerability in onethink

A SSRF vulnerability in gleezcms 1.20.

If :// is present in the URL path, GleezCMS will use the cURL library to send a request specified by the attacker.

POC:

https://gleezcms.org/http%3A%2F%2Fwww.google.com
https://gleezcms.org/gopher%3A%2F%2F127%2E0%2E0%2E1%3A9000%2F%5Ftest
@LioTree
LioTree / CVE-2024-28421.md
Last active March 21, 2024 22:19
SQLi vulnerability in Razor

A SQL injection vulnerability in Razor v0.8.0.

In https://github.com/cobub/razor/blob/2c991aff4a9c83f99e77a03e26056715706f15c0/web/application/controllers/manage/autoupdate.php#L187, $description is controlled by users and has few restrictions on its format.

$this->form_validation->set_rules('description', lang('v_man_au_updateLog'), 'trim|required|xss_clean');
$this->form_validation->set_rules('versionid', lang('v_man_au_versionID'), 'trim|required|xss_clean|callback_versionid_check');
//......
  $description = $this->input->post('description');