WoDig community software: SQL injection vulnerability caused by insufficient filtering in Members.asp

2009-05-28T00:00:00
ID SSV:11466
Type seebug
Reporter Root
Modified 2009-05-28T00:00:00

Description

In the file Members.asp:

    SearchType=HTMLEncode(Request("SearchType")) ' line 38
    SearchText=HTMLEncode(Request("SearchText"))
    SearchRole=HTMLEncode(Request("SearchRole"))
    CurrentAccountStatus=HTMLEncode(Request("CurrentAccountStatus"))
    JoinedDateComparer=Left(Request("JoinedDateComparer"),1)
    LastPostDateComparer=Left(Request("LastPostDateComparer"),1)
    JoinedDate_picker=HTMLEncode(Request("JoinedDate_picker"))
    LastPostDate_picker=HTMLEncode(Request("LastPostDate_picker"))
    if SearchType="all" then SearchType="UserEmail like '%"&SearchText&"%' or UserName"
    if SearchText<>"" then item=item&" and ("&SearchType&" like '%"&SearchText&"%')"
    if JoinedDate_picker<>"" and JoinedDateComparer<>"" then item=item&" and DateDiff("&SqlChar&"d"&SqlChar&",'"&JoinedDate_picker&"',UserRegisterTime) "&JoinedDateComparer&" 0"
    if LastPostDate_picker<>"" and LastPostDateComparer<>"" then item=item&" and DateDiff("&SqlChar&"d"&SqlChar&",'"&LastPostDate_picker&"',UserActivityTime) "&LastPostDateComparer&" 0"
    if SearchRole <> "" then item=item&" and UserRoleID="&SearchRole&""
    if CurrentAccountStatus <> "" then item=item&" and UserAccountStatus="&CurrentAccountStatus&""

Several numeric variables are filtered with a function intended for filtering characters, which gives rise to the injection vulnerability. SearchRole and CurrentAccountStatus, for example, pass only through HTMLEncode and are then concatenated unquoted into the UserRoleID and UserAccountStatus comparisons.

WoDig 4.1.2

Vendor patch

WoDig

The vendor has not yet provided a patch or an upgrade. We recommend that users of this software keep watching the vendor's home page for the latest version: http://www.wodig.com/
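
One way to harden the filter construction shown in the description, as an added example that is not WoDig's code or a vendor fix: numeric filters are checked as whole numbers, SearchType is mapped to a known column, and every value is bound as an ADO parameter instead of being concatenated. The helper names (ToId, ToColumn, AddParam, BuildFilter), the accepted SearchType names and the use of an ADODB.Command object named cmd are assumptions; the date filters are not covered here.

```vbscript
' Added example, not WoDig's code. Assumes cmd is an ADODB.Command and that the
' caller appends the returned fragment to its own query text before executing.
Const adInteger = 3, adVarWChar = 202, adParamInput = 1

' Digits-only check for UserRoleID / UserAccountStatus; Null means "reject".
Function ToId(raw)
    Dim i
    ToId = Null
    If Len(raw) < 1 Or Len(raw) > 9 Then Exit Function
    For i = 1 To Len(raw)
        If InStr("0123456789", Mid(raw, i, 1)) = 0 Then Exit Function
    Next
    ToId = CLng(raw)
End Function

' Map SearchType to a known column; the accepted names are an assumption.
Function ToColumn(raw)
    ToColumn = ""
    If LCase(raw) = "username" Then ToColumn = "UserName"
    If LCase(raw) = "useremail" Then ToColumn = "UserEmail"
End Function

' Bind one value as a positional input parameter.
Sub AddParam(cmd, sqlType, size, value)
    cmd.Parameters.Append cmd.CreateParameter("", sqlType, adParamInput, size, value)
End Sub

' Returns the WHERE fragment with ? placeholders; values are bound in the same order.
Function BuildFilter(cmd, searchType, searchText, searchRole, accountStatus)
    Dim item, col, pattern, id
    item = ""
    pattern = "%" & searchText & "%"
    col = ToColumn(searchType)
    If searchText <> "" And searchType = "all" Then
        item = item & " and (UserEmail like ? or UserName like ?)"
        AddParam cmd, adVarWChar, Len(pattern), pattern
        AddParam cmd, adVarWChar, Len(pattern), pattern
    ElseIf searchText <> "" And col <> "" Then
        item = item & " and (" & col & " like ?)"
        AddParam cmd, adVarWChar, Len(pattern), pattern
    End If
    id = ToId(searchRole)
    If Not IsNull(id) Then
        item = item & " and UserRoleID=?"
        AddParam cmd, adInteger, 4, id
    End If
    id = ToId(accountStatus)
    If Not IsNull(id) Then
        item = item & " and UserAccountStatus=?"
        AddParam cmd, adInteger, 4, id
    End If
    BuildFilter = item
End Function
```

Values that fail ToId or ToColumn are dropped from the filter rather than passed through, so a malformed SearchRole or CurrentAccountStatus never reaches the SQL text.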