影响版本: WordPress CevherShare 2.0 plugin

开发者: http://phpkode.com/

下载地址: http://phpkode.com/download/s/cevhershare.zip

测试平台: Ubuntu-Linux

缺陷代码页面：cevhershare/cevhershare-admin.php

测试:

http://www.2cto.com /wp-content/plugins/cevhershare/cevhershare-admin.php?id=[SQL-Injection]

$id = $_GET['id'] ? $_GET['id'] : $_POST['id'];

       $pos = $_GET['pos'] ? $_GET['pos'] : $_POST['pos'];

       $status = $_GET['status'] ? $_GET['status'] : $_POST['status'];

       $task = $_GET['t'] ? $_GET['t'] : $_POST['t'];

       $do = $_POST['do'];

       if($do == "update-lang"){

              $uplang = $_POST['update-lang'];

              update_option('cevhershare_language',$uplang);

       }www.2cto.com

       if($id)     $item = $wpdb->get_row("SELECT * FROM ".$wpdb->prefix."cevhershare WHERE id=$id");

       if($do == 'update') $wpdb->query("UPDATE ".$wpdb->prefix."cevhershare SET enabled='".$_POST['enabled']."', position='".$_POST['position']."', name='".$_POST['name']."', big='".$_POST['big']."', small='".$_POST['small']."' WHERE id='$id'");

       elseif($do == 'add') $wpdb->query("INSERT INTO ".$wpdb->prefix."cevhershare (position, name, big, small) VALUES('".$_POST['position']."','".$_POST['name']."', '".$_POST['big']."', '".$_POST['small']."')");

       elseif($do == 'delete') $wpdb->query("DELETE FROM ".$wpdb->prefix."cevhershare WHERE id=$id LIMIT 1");

       elseif($do == 'reset') cevhershare_reset();

       elseif($do == 'settings'){

修复：过滤