GV32-CMS code audit notes

ID MYHACK58:62201341116
Type myhack58
Reporter Anonymous
Modified 2013-11-02T00:00:00


Most CMSs today use an MVC architecture, i.e. model + view + controller.

Parameters are received and processed in the C layer, database interaction happens in the M layer, and the page is rendered in the V layer. This structure makes auditing easier. Here I mainly look for SQL injection vulnerabilities. Injection vulnerabilities arise because the incoming parameters are not filtered.

First, the white-box approach.


Take this CMS as an example: the contents of the www folder under application are the controller layer. After loading the project in NetBeans, right-click the www folder and search for `$_GET[`, `$_POST[`, `$_COOKIE[` and `$_REQUEST[` to see which parameters are received. (Only the `$_REQUEST` results are shown here.)

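```php
// Both request parameters are only trimmed, then concatenated
$smdirid = trim($_REQUEST["id"]) . trim($_REQUEST["pageNum"]);
// The result is passed to buildsmartydir() to build the template cache directory path
$GLOBALS['Templ']->cache_dir = ROOT_PATH . $GLOBALS['cache_path'] . '/' . $GLOBALS['Helpe']->buildsmartydir($typeu = 'n', $smdirid);
```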

There is no familiar SELECT statement here, so the next step is to look at the definition of the buildsmartydir function. Click buildsmartydir to highlight it, then press Ctrl+B to go to its declaration.
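The superglobal search described above can also be run outside the IDE. The script below is an added example, not code from the original article or from GV32-CMS; the second PHP line in the sample and the same-line cast heuristic are assumptions made for illustration.

```python
import re
from pathlib import Path

# Matches $_GET["id"], $_POST['x'], $_COOKIE[ "a" ], $_REQUEST["pageNum"]
SUPERGLOBAL = re.compile(r"""\$_(GET|POST|COOKIE|REQUEST)\s*\[\s*(['"])([^'"]+)\2\s*\]""")
# Heuristic (assumption): intval() or an (int) cast on the same line counts as filtering
NUMERIC_CAST = re.compile(r"\bintval\s*\(|\(\s*int\s*\)", re.I)

def scan_source(text, name="<memory>"):
    """Return one finding per superglobal read in a PHP source string."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in SUPERGLOBAL.finditer(line):
            findings.append({
                "file": name, "line": lineno,
                "source": "$_" + m.group(1), "param": m.group(3),
                "cast": bool(NUMERIC_CAST.search(line)),
                "code": line.strip(),
            })
    return findings

def scan_tree(root):
    """Scan every .php file under root (e.g. the controller folder)."""
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        findings += scan_source(path.read_text(errors="replace"), str(path))
    return findings

# Constructed sample: line 2 is the statement shown in the article, line 3 is made up
SAMPLE = '''<?php
$smdirid = trim($_REQUEST["id"]).trim($_REQUEST["pageNum"]);
$page = intval($_GET['p']);
'''

if __name__ == "__main__":
    import sys
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_source(SAMPLE, "sample.php")
    for f in results:
        flag = "cast" if f["cast"] else "REVIEW"
        print(f'{f["file"]}:{f["line"]} {f["source"]}[{f["param"]}] {flag}  {f["code"]}')
```

Lines marked REVIEW are the ones to follow into the called functions, as the article does with buildsmartydir; trim() alone does not remove SQL metacharacters.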


Looking at the links visible on the web page. 0, so I chose art.php for analysis.
