Shoot off piikee auction website system injection vulnerability and fix-vulnerability warning-the black bar safety net

2012-05-01T00:00:00
ID MYHACK58:62201233770
Type myhack58
Reporter 佚名
Modified 2012-05-01T00:00:00

Description

Because there are no manufacturers, just write a bidding system to it, came out good to With this system webmasters mind you.

The system is called: shoot off piikee auction website system

Why say 2B? The reception is all the files the parameter values are such, we see this code

news_arc.php

<? php

define('IN_JP',true);

require_once("./ config/init.php");

$arcid = $_REQUEST["arcid"];

if($arcid!="") {

$qrynews2 = "select * from news where id = ".$ arcid;

$objnews2=$GLOBALS['db']->get_one($qrynews2);

}else{

$objnews2="";

} www.xxx.com

$qrycount = "select w. id,r. username,w. won_date,p. name,a. auc_final_price,a. auctionID,p. picture1,p. price,(100-100*a. auc_final_price/p. price) as discount,a. auctionID from won_auctions w left join auction a on w. auction_id=a. auctionID left join products p on a. productID=p. productID inner join registration r on w. userid = r. id where w. userid>=0 order by w. won_date desc limit 0,7 ";

$obj1 = $GLOBALS['db']->select($qrycount);

$smarty->assign("obj1",$obj1);

$smarty->assign("objnews2",$objnews2);

$smarty->display('news_arc.htm');

?& gt;

Estimate the programmers hurried home to have children, make do with writing.

Vulnerability proof: factor the database password is in plain text storage, which would save a hack or something, specifically in the siteadmin/addadminmember. php in the view.

Get a shell?

See what is hosting, iis6 or Apache, then, in the advertising Management Service;document and%of the upload.

Repair solutions:

This program have to rewrite it.

Author piaoye