标题: Jaow <= 2.4.5 Blind Sql Injection 下载 地址: http://HdhCmsTestjaow.net/telechargements/Jaow_V2.4.5.zip 影响版本: 2.4.5 测试平台: Debian GNU/Linux 作者: kallimero 介绍 Jaow is a CMS that can manage sites of small sizes, thanks to its simple, commented code you can easily create templates and / or create modules to suit your needs. Jaow is the solution for small sites, blogs or portfolio. 分析: 版本2.4.5 core不幸遭到了盲注 缺陷所在页面 : add_ons.php Extract from the source : -------------[ add_ons.php ]-------------- // On stocke dans une variable simple le add_on demand� $add_on = stripslashes($_GET['add_ons']); // On recherche si l'add_on est install� echo 'SELECT id,nom FROM '.$db_prefix.'add_ons WHERE nom="'.$add_on.'" AND actif="1"'; $query_add_ons = mysql _query('SELECT id,nom FROM '.$db_prefix.'add_ons WHERE nom="'.$add_on.'" AND actif="1"'); -------------[ add_ons.php ]-------------- So, we can inject sql with the add_ons variable, like that : http:// HdhCmsTest2cto测试数据 /[path]/add_ons.php?add_ons=[SQL injection] 解决方案 升级方案在这里: http://HdhCmsTestjaow.net/Article-97
查看更多关于Jaow <= 2.4.5盲注及修复 - 网站安全 - 自学php的详细内容...