网站地图    收藏   

主页 > 后端 > 网站安全 >

Joomla!组件VirtueMart 2.0.22a SQL Injection - 网站安全

来源:自学PHP网    时间:2015-04-17 10:15 作者: 阅读:

[导读] ------------------------------------------------------------Joomla! VirtueMart component = 2.0.22a - SQL Injection------------------------------------------------------------==概述==- 下载......

------------------------------------------------------------
Joomla! VirtueMart component <= 2.0.22a - SQL Injection
------------------------------------------------------------
 
==概述==
- 下载地址: http://www.virtuemart.net/
-  影响版本: All versions between 2.0.8 and 2.0.22a are vulnerable.
-  漏洞发现: Matias Fontanini
 
== 缺陷 ==
The vulnerability is located in the "user" controller, "removeAddressST" 
task. The "virtuemart_userinfo_id" parameter is not properly sanitized 
before being used in the "DELETE" query performed in it, allowing the 
execution of arbitrary SQL queries.
 
In order to exploit the vulnerability, an attacker must be authenticated 
as a customer in the application. However, since the system allows free 
account registration, this is not a problem.
 
== 测试证明  ==
The following example URL uses the MySQL "sleep" function through the 
injection:
 
http://example.com/index.php?option=com_virtuemart&view=user&task=removeAddressST&virtuemart_userinfo_id=16%22%20and%20sleep(10)%20and%20%22%22%3D%22
 
== 解决方案 ==

升级到新版 2.0.22b

 

自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

京ICP备14009008号-1@版权所有www.zixuephp.com

网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

添加评论