

Grey D victomteng1997

victomteng1997 /
Last active Jun 7, 2021
Seo Panel 4.9.0 and below SQL Injection

Seo Panel SQL Injection Vulnerability

SeoPanel Official Website:


Latest version 4.9.0:,, or the file attached to this gist below.

Vulnerability description:

In api/user.api.php, the function getUserName directly calls the function __checkUserName in controllers/user.ctrl.php without filtering its input. An attacker can pass an arbitrary string into the username variable through $info, which allows injection into the __checkUsername function directly:

victomteng1997 /
Last active Jun 3, 2021
GilaCMS XSS (latest version below 2.1.0)
victomteng1997 /
Last active Jun 2, 2021
Gila CMS v2.0.1 Unrestricted File Deletion

Gila CMS (, v2.0.1 and below, is vulnerable to an arbitrary file deletion attack: an attacker can delete arbitrary files from the remote server by sending a maliciously crafted GET request. In this version, a previous unrestricted file upload vulnerability ( is patched, but the webapp is still vulnerable.

Take Gila CMS v2.0.1 ( as an example: the vulnerable component is at src/core/classes/Session.php:

if (isset($_COOKIE['GSESSIONID'])) {
        if (!file_exists(LOG_PATH.'/sessions/'.$_COOKIE['GSESSIONID'])) {
          User::metaDelete(self::userId(), 'GSESSIONID', $_COOKIE['GSESSIONID']);
victomteng1997 /
Last active Jun 1, 2021
Gila CMS Unrestricted File Upload (<2.0.1)

Gila CMS ( is an open-source CMS webapp. An arbitrary file upload vulnerability was found in the Gila CMS Session component in versions before 2.0.1, which may lead to more serious issues.

Here we take Gila version 1.5.3 as an example; versions up to and including 2.0.0 were tested.

The problem is at Session.php:, where the path is not properly filtered when saving session files. A user can then pass data through the User-Agent and Cookie request headers.

  public static function createFile($gsession)
    $data = [
victomteng1997 /
Last active Apr 5, 2021
Two CSRF vulnerabilities identified at Rukovoditel Project Management App

The official GitHub repository of the project is:, but it hasn't been updated for a long time. The source code of the software can be downloaded at:

Vulnerability description

  1. An attacker may exploit the CSRF vulnerability to add a user with admin privileges. Process: (1) The admin logs in to their own account with correct credentials. (2) The adversary crafts the following web page with the username "admin2" and password "admin2", and hosts it online.