来源:自学PHP网 时间:2015-04-17 10:15 作者: 阅读:次
[导读] ------------------------------------------------------------Joomla! VirtueMart component = 2.0.22a - SQL Injection------------------------------------------------------------==概述==- 下载......
------------------------------------------------------------ Joomla! VirtueMart component <= 2.0.22a - SQL Injection ------------------------------------------------------------ ==概述== - 下载地址: http://www.virtuemart.net/ - 影响版本: All versions between 2.0.8 and 2.0.22a are vulnerable. - 漏洞发现: Matias Fontanini == 缺陷 == The vulnerability is located in the "user" controller, "removeAddressST" task. The "virtuemart_userinfo_id" parameter is not properly sanitized before being used in the "DELETE" query performed in it, allowing the execution of arbitrary SQL queries. In order to exploit the vulnerability, an attacker must be authenticated as a customer in the application. However, since the system allows free account registration, this is not a problem. == 测试证明 == The following example URL uses the MySQL "sleep" function through the injection: http://example.com/index.php?option=com_virtuemart&view=user&task=removeAddressST&virtuemart_userinfo_id=16%22%20and%20sleep(10)%20and%20%22%22%3D%22 == 解决方案 == 升级到新版 2.0.22b
|
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com