Phpcms 2008 V2 injection vulnerability 0day analysis

2011-01-25T00:00:00
ID MYHACK58:62201128938
Type myhack58
Reporter Anonymous
Modified 2011-01-25T00:00:00

Description

Release date: 2011-01-22

Author: xhm1n9

Affected versions: Phpcms 2008 V2

Official website: <http://www.phpcms.cn/>

Vulnerability type: SQL injection

Vulnerability description: In flash_upload.php in the root directory, $modelid is not protected by single quotation marks and is not filtered beforehand, so an injection vulnerability exists.

flash_upload.php in the root directory: //injection point

require_once 'admin/model_field.class.php';
$field = new model_field($modelid);

Look at how this is defined in the class file:

class model_field
{
    .........................
    function __construct($modelid)
    {
        global $db;
        $this->db = &$db;
        $this->table = DB_PRE.'model_field';
        $model = $this->db->get_one("SELECT * FROM ". DB_PRE."model WHERE modelid=$modelid");

You can see that $modelid is not protected by single quotation marks and is not filtered beforehand, so this is an obvious injection vulnerability.
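The following is an added example, not Phpcms code and not from the original advisory: it places the query construction quoted above beside a form that validates $modelid as a positive integer before it reaches the SQL string. The DB_PRE value, the function names and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added illustration, not Phpcms code. DB_PRE value, function names and
// sample inputs are constructed for this example.
const DB_PRE = 'phpcms_';

// Pattern from the advisory: $modelid is concatenated unquoted and unfiltered,
// so any extra text in the parameter becomes part of the SQL statement.
function query_as_published($modelid): string
{
    return "SELECT * FROM " . DB_PRE . "model WHERE modelid=$modelid";
}

// Accept only a positive decimal integer; reject everything else outright
// instead of silently truncating it the way intval() would.
function clean_modelid($raw): int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('modelid must be a positive integer');
    }
    return $id;
}

// Hardened form: only the validated integer ever reaches the query string.
function query_hardened($modelid): string
{
    return "SELECT * FROM " . DB_PRE . "model WHERE modelid=" . clean_modelid($modelid);
}

// Constructed request values for modelid.
foreach (['3', 3, '3 OR 1=1', '', '0x10', '-1'] as $sample) {
    echo 'input:     ', var_export($sample, true), PHP_EOL;
    echo 'published: ', query_as_published($sample), PHP_EOL;
    try {
        echo 'hardened:  ', query_hardened($sample), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'hardened:  rejected (', $e->getMessage(), ')', PHP_EOL;
    }
    echo PHP_EOL;
}
```

The same validation belongs both where flash_upload.php reads the parameter and inside the constructor, so that other callers of model_field are covered as well.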

From: <http://x-xox-x.net/exploit/12>