Search...

PHPWIND latest version of querybuilder. class. php page, the vulnerability and the Fix-vulnerability warning-the black bar safety net

2011-08-28T00:00:00

ID MYHACK58:62201131704
Type myhack58
Reporter 佚名
Modified 2011-08-28T00:00:00

Description

Brief description: phpwind in the realization of a placeholder for the SQL process, the code quality appears a small black point. Detailed description: In phpwind/lib/utility/querybuilder.class.php _parseStatement function within the

在 /phpwind/actions/ajax/leaveword.php A reference at the Line 7 line 8 $db->update(pwQuery::buildClause("UPDATE :pw_table SET leaveword=" . S::sqlEscape($atc_content) . "$sqladd WHERE pid=:pid AND tid=:tid", array($pw_posts, $pid, $tid)));

Didn't consider the$atc_content may be a placeholder Also did not consider the pid should be a number, taken directly a string Line: 3 1

S::gp(array( 'pid', 'atc_content', 'ifmsg' ), 'P');

ResultSQL injection

But since the PW is replaced by the equal sign, replacing),cannot lead to very seriousSQL injectionvulnerabilities. When submitting pid=asd, atc_content:pid case tips Query Error: UPDATE pw_posts SET leaveword= ' 'asd' ' WHERE pid= 'asd' AND tid="

Repair solutions:

You may globally forget about the replacement for HTML entity, this can also try ：）

Official has released the patch, please upgrade

JSON Vulners Source

Initial Source

{"id": "MYHACK58:62201131704", "published": "2011-08-28T00:00:00", "type": "myhack58", "references": [], "edition": 1, "enchantments": {"score": {"value": -0.2, "vector": "NONE", "modified": "2016-11-12T18:09:49", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-12T18:09:49", "rev": 2}, "vulnersScore": -0.2}, "cvelist": [], "modified": "2011-08-28T00:00:00", "title": "PHPWIND latest version of querybuilder. class. php page, the vulnerability and the Fix-vulnerability warning-the black bar safety net", "viewCount": 1, "description": "Brief description: \nphpwind in the realization of a placeholder for the SQL process, the code quality appears a small black point. \nDetailed description: \nIn \nphpwind/lib/utility/querybuilder.class.php \n_parseStatement function within the\n\n\u5728 /phpwind/actions/ajax/leaveword.php \nA reference at the \nLine 7 line 8 \n$db->update(pwQuery::buildClause(\"UPDATE :pw_table SET leaveword=\" . S::sqlEscape($atc_content) . \"$sqladd WHERE pid=:pid AND tid=:tid\", array($pw_posts, $pid, $tid)));\n\nDidn't consider the$atc_content may be a placeholder \nAlso did not consider the pid should be a number, taken directly a string \nLine: 3 1\n\nS::gp(array( \n'pid', \n'atc_content', \n'ifmsg' \n), 'P');\n\nResult[SQL injection](<http://www.myhack58.com/Article/html/3/7/Article_007_1.htm>)\n\nBut since the PW is replaced by the equal sign, replacing),cannot lead to very serious[SQL injection](<http://www.myhack58.com/Article/html/3/7/Article_007_1.htm>)vulnerabilities. \nWhen submitting pid=asd, atc_content:pid case tips \nQuery Error: UPDATE pw_posts SET leaveword= ' 'asd' ' WHERE pid= 'asd' AND tid=\" \n\n\nRepair solutions:\n\n\nYou may globally forget about the replacement for HTML entity, this can also try \uff1a\uff09\n\nOfficial has released the patch, please upgrade\n", "href": "http://www.myhack58.com/Article/html/3/62/2011/31704.htm", "bulletinFamily": "info", "reporter": "\u4f5a\u540d", "cvss": {"vector": "NONE", "score": 0.0}, "lastseen": "2016-11-12T18:09:49"}