A lightweight PHP framework: site-wide injection vulnerability warning - the black bar safety net

2013-01-21T00:00:00
ID MYHACK58:62201336824
Type myhack58
Reporter Anonymous
Modified 2013-01-21T00:00:00

Description

http://www.cephp.com/

Searching Baidu for "lightweight php framework", the first result is this CEPHP. On a whim I tested it and found that injection actually exists; I downloaded the source code and found that every database operation across the whole site is injectable, with the variables completely unfiltered. Speechless. See the screenshots below:

1. The main file: demo\M\User\student.php

The parameter is passed, unfiltered, into the Mdb->find function for processing. Following Mdb through the inheritance of M_User_Student eventually leads to the file Cemvc\Db\MysqlDb.php, where the function is as follows:

The database query statement is not processed in any way either, and... the result is injection.

http://www.cephp.com/search/1'%20AND%20(SELECT%207552%20FROM(SELECT%20COUNT(),CONCAT(0x3a666f613a,(SELECT%20(CASE%20WHEN%20(7552=7552)%20THEN%201%20ELSE%200%20END)),0x3a71777a3a,FLOOR(RAND(0)2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)%20AND%20'PUWw'='PUWw
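
The pattern described above, request input concatenated straight into the query text, shown next to the bound-parameter form that closes it. This is an added example, not CEPHP's code: the table, the function names and the in-memory SQLite database (the framework itself targets MySQL) are assumptions chosen so the script runs stand-alone.

```php
<?php
// Added illustration; not CEPHP source. Table, column and function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE student (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO student (name) VALUES ('alice'), ('bob'), ('carol')");

// Pattern the advisory describes: the request value becomes part of the SQL text.
function findUnfiltered(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM student WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text is fixed and the value travels as a bound parameter,
// so a quote in the input is compared as data and never parsed as SQL.
function findBound(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare("SELECT id, name FROM student WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one ordinary value, one containing a quote that alters the query.
$inputs = ['alice', "nobody' OR '1'='1"];
foreach ($inputs as $input) {
    printf(
        "%-20s unfiltered=%d rows, bound=%d rows\n",
        $input,
        count(findUnfiltered($pdo, $input)),
        count(findBound($pdo, $input))
    );
}
```

Applied to a framework-level find function, the bound form fixes every caller at once, which matters here because the advisory reports the same unfiltered path behind all database operations.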
