Most CMSs today use an MVC architecture, i.e. model + view + controller.
Parameters are received and processed in the C layer, database interaction happens in the M layer, and the page is rendered in the V layer. This structure makes the code easier to audit. Here I mainly look for SQL injection vulnerabilities. Injection vulnerabilities arise because the incoming parameters are not filtered.
First, the white-box approach.
In this CMS, for example, the contents of the application www folder are the controller layer. After loading the project in NetBeans, right-click the www folder and search for $_GET[, $_POST[, $_COOKIE[ and $_REQUEST[ to see which parameters are received. Only the $_REQUEST results are shown here:
```php
$smdirid = trim($_REQUEST["id"]) . trim($_REQUEST["pageNum"]);
$GLOBALS['Templ']->cache_dir = ROOT_PATH . $GLOBALS['cache_path'] . '/' . $GLOBALS['Helpe']->buildsmartydir($typeu = 'n', $smdirid);
```
There is no familiar SELECT statement here, so look at the definition of the buildsmartydir function: click buildsmartydir to highlight it, then press Ctrl+B to go to its declaration.
Browsing the site shows links such as http://127.0.0.1/?load=art&act=detail&id=10, so I chose art.php for analysis.
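The superglobal search described above can also be scripted so that every read in the controller folder is listed with its file, line and parameter name. This is an added example, not code from the CMS or the original post: the sample file is constructed (only its first statement comes from this page), and the "wrapped in intval() or (int)" check is an assumed triage heuristic for ordering the review, not proof that a parameter is safe.

```python
import os
import re
import tempfile

# Matches $_GET[...], $_POST[...], $_COOKIE[...], $_REQUEST[...] and captures the key.
SUPERGLOBAL = re.compile(
    r"""\$_(GET|POST|COOKIE|REQUEST)\s*\[\s*(['"]?)([^'"\]]+)\2\s*\]""")
# Integer cast directly wrapping the read (assumed heuristic); trim() is not a filter.
CAST = re.compile(r"(?:intval\s*\(|\(\s*int\s*\))\s*$")


def find_superglobal_reads(root):
    """Return (relative path, line no, superglobal, key, cast?) for every read."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    for m in SUPERGLOBAL.finditer(line):
                        # Look only at the text immediately before the read.
                        cast = bool(CAST.search(line[:m.start()]))
                        hits.append((os.path.relpath(path, root), lineno,
                                     m.group(1), m.group(3), cast))
    return hits


def demo():
    """Scan a constructed controller file; line 2 is the statement from this page."""
    sample = (
        "<?php\n"
        '$smdirid = trim($_REQUEST["id"]). trim($_REQUEST["pageNum"]);\n'
        "$page = intval($_GET['page']);\n"  # constructed line, not from the CMS
    )
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "art.php"), "w", encoding="utf-8") as fh:
            fh.write(sample)
        return find_superglobal_reads(root)


if __name__ == "__main__":
    for path, lineno, source, key, cast in demo():
        status = "cast to int" if cast else "review"
        print(f"{path}:{lineno}: $_{source}[{key}] {status}")
```

Reads reported as "review" are the ones to trace into the model layer, as is done above for $smdirid and buildsmartydir.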