File Store PRO 3.2 Multiple Blind SQL Injection Vulnerabilities
File Store PRO 3.2 Multiple Blind SQL Injection Vulnerabilities
发布时间:2016-01-30 来源:查字典编辑
摘要:|FileStorePRO3.2BlindSQLInjection||___________________________________...

| File Store PRO 3.2 Blind SQL Injection |

|________________________________________|

Download from: /cgi/demo/fs/filestore.zip

- Need admin rights:

/confirm.php:

复制代码代码如下:

if(isset($_GET["folder"]) && $_GET["folder"]!="") {

$folder=$_GET["folder"];

} else {

exit("Bad Request");

}

if(isset($_GET["id"]) && $_GET["id"]!="") {

$id=$_GET["id"];

} else {

exit("Bad Request");

}

// Validate all inputs

// Added by SepedaTua on June 01, 2006 - /

/********************** SepedaTua ****************************/

/* Fields:

$folder

$id

*/

$search = array ('@@si',

'@@si',

'@([rn])[s] @',

'@&(quot|#34);@i',

'@&(amp|#38);@i',

'@&(lt|#60);@i',

'@&(gt|#62);@i',

'@&(nbsp|#160);@i',

'@&(iexcl|#161);@i',

'@&(cent|#162);@i',

'@&(pound|#163);@i',

'@&(copy|#169);@i',

'@&#(d );@e');

$replace = array ('',

'',

'1',

'"',

'&',

'',

' ',

chr(161),

chr(162),

chr(163),

chr(169),

'chr

(1)');

$ffolder = $folder;

$fid = $id;

$folder = preg_replace($search, $replace, $folder);

$id = preg_replace($search, $replace, $id);

-----

$SQL="SELECT `".DB_PREFIX."users`.*, `".DB_PREFIX."file_list`.`filename`, `".DB_PREFIX."file_list`.`descript` ";

$SQL.=" FROM `".DB_PREFIX."file_list` LEFT JOIN `".DB_PREFIX."users` ON `".DB_PREFIX."file_list`.`user_id`=`".DB_PREFIX."users`.`id`";

$SQL.=" WHERE `".DB_PREFIX."file_list`.`id`='".$id."'";

if(!$mysql->query($SQL))

{

exit($mysql->error);

}

if($mysql->num

推荐文章
猜你喜欢
附近的人在看
推荐阅读
拓展阅读
相关阅读
网友关注
最新电脑安全教程学习
热门电脑安全教程学习
电脑子分类