作者: chap0
下载地址: http://sourceforge.net/projects/xraycms/files/latest/download
影响版本: 1.1.1
测试平台: Ubuntu
XRay CMS is含sql注射可以让用户绕过验证登陆. If a malicious
user supplies ' or 1=1# into the applications user name field
they will be logged into the applications admin account.
Jan 29, 2012 – Contacted Vendor No Response
Feb 05, 2012 – Public Disclosure
Since the vendor did not reply we attempted to create our own
fixes for this issue. The vulnerability exist in [login2.php]
on lines 20 and 21.
17 if(!isset($_POST['username'])) header("Location: login.php?error_username");
18 if(!isset($_POST['password'])) header("Location: login.php?error_password");
19
20 $user = $_POST['username'];
21 $pass = $_POST['password'];
If the lines 20 and 21 are changed to:
$user = mysql _real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['password']);
This will prevent the sql injection from happening in the user name field.
查看更多关于XRayCMS 1.1.1 万能密码及修复 - 网站安全 - 自学ph的详细内容...