phpweb ready-made website, latest version: upload and injection vulnerabilities - Vulnerability Warning - Black Bar Safety Net

2012-10-26T00:00:00
ID MYHACK58:62201235305
Type myhack58
Reporter Anonymous
Modified 2012-10-26T00:00:00

Description

Software version: V2.0.5 / 20120412

Commercial free software

Official website: www.phpweb.net

Vulnerable file: search/module/search.php

/search/index.php?key=1&myord=1 [sqlinjection]

<?php
// ... n lines omitted ...

// Line 18:
$key = htmlspecialchars($_GET["key"]);   // only simple HTML entity encoding; MySQL injection is not affected by this
$page = htmlspecialchars($_GET["page"]);
$myord = htmlspecialchars($_GET["myord"]);

// ... n lines omitted ...
// The two parameters $key and $myord are brought into queries.

// Line 47, $key:
$fsql->query("select count(id) from {P}_news_con where iffb='1' and catid!='0' and (title regexp '$key' or body regexp '$key')");
// although it is brought into the query, it is used inside regexp and I don't know how to bypass that..

// Line 197, $myord:
$fsql->query($scl . "order by $myord desc limit $pagelimit "); // produces the injection

?>
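
The `$myord` value lands in an unquoted `order by` position, where entity encoding changes nothing and an identifier cannot be bound as a query parameter. An added sketch of the usual fix, an allowlist of column names plus integer validation for paging (not phpweb's code; the allowlist columns, the function names and `$perPage` are assumptions):

```php
<?php
// Added example, not phpweb's code. The allowlist columns are assumptions
// taken from the columns visible in the query quoted on this page.
const ALLOWED_ORDER = ['id', 'title'];

/** Map a request value to a known column name; never pass the raw string on. */
function order_column(?string $input, string $default = 'id'): string
{
    // Strict comparison: the value must be exactly one of the known identifiers.
    return in_array($input, ALLOWED_ORDER, true) ? $input : $default;
}

/** Accept only a positive decimal integer for the page number. */
function page_number(?string $input): int
{
    $n = filter_var($input, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $n === false ? 1 : $n;   // anything else falls back to page 1
}

/** Build the ORDER BY / LIMIT tail from validated parts only. */
function order_clause(?string $myord, ?string $page, int $perPage = 20): string
{
    $col    = order_column($myord);
    $offset = (page_number($page) - 1) * $perPage;
    // $col is one of our own constants, $offset and $perPage are integers.
    return sprintf('order by `%s` desc limit %d, %d', $col, $offset, $perPage);
}

// Constructed inputs for illustration: a valid column, a value that would
// change the clause structure, and the numeric value from the URL above.
$samples = ['title', 'id, title', '1'];
foreach ($samples as $s) {
    // htmlspecialchars() returns all three unchanged: none contains & < > or ",
    // so encoding alone gives no protection in this position.
    printf(
        "%-12s encoded=%-12s clause=%s\n",
        var_export($s, true),
        var_export(htmlspecialchars($s), true),
        order_clause($s, '2')
    );
}
```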
