Exploitation and repair of the latest SQL injection vulnerability in the Zuitu group buying program

Source: Internet
Author: User

A high-risk vulnerability was recently reported in the Zuitu (最土) group buying program 3.0_20111207. Using it, an intruder can obtain a large amount of user and order information from a Zuitu site within 10 seconds.

Because it is a group buying program, the database stores users' email addresses, phone numbers and often their postal addresses. Once this private information is obtained by others, it causes real trouble for the site's users.

360 security engineers describe it as follows: "This is a typical and very classic array key variable pollution vulnerability. Because a function in the Zuitu site-builder code does not filter its input strictly, a hacker can submit malicious code, alter the program flow to bypass the login check, and go directly into the site's back end."

The test method is as follows:
 
1. Use the Opera browser to open the site's default back-end address: manage/login.php
 
2. Right-click to view the page source and find the following code:

    <div>
    <label for="manage-login">Login name</label>
    <input type="text" size="30" name="username" id="manage-username" datatype="require" require="true"/>
    </div>

3. Change name="username" to name="username[=0x7c or manager=1 #]" and save the page in the browser. PHP parses a field named username[KEY] into an array, so the login function receives an array whose key is attacker-controlled instead of a plain string.

4. Log in to the back end directly with the username s and the password s.
 
Because the Zuitu back end can back up the database directly to a local machine, anyone who gets into the back end can download a full copy of the database unless the server restricts access to the backup files. This is a serious threat to user information security.
 
How to fix the vulnerability described above:

1. Upgrade to the latest version of the group buying program (zuitugo_cv2.0_20151131);

2. If you do not want to download the large source-code upgrade package, you can apply the following patch instead:
In Include/classes/ZUser.class.php, find the login verification function definition, "static public function GetLogin($email, $unpass, $en = true) {", and add the line "if (is_array($email)) return array();" at the top of its body. The guard rejects the array form of the parameter before it can reach the query builder, so the polluted key is never concatenated into SQL.

3. We recommend restricting the web server's permissions so that database backup files written by the back end cannot be downloaded directly.

4. You can add a CAPTCHA (verification code) field to the back-end login form.
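To make the fix concrete, here is an added illustrative example (not the Zuitu project's own code) that puts a query builder of the shape implied by the payload next to a hardened login check. The helper, table and column names, and the use of password_hash()/password_verify(), are assumptions; only the is_array() guard and the GetLogin() return convention come from the article.

```php
<?php
// Added illustrative example, not the Zuitu project's own code. Helper, table and
// column names are assumptions; only the is_array() guard comes from the article.

// VULNERABLE SHAPE (reconstructed to match the payload's form): the lookup helper
// takes a scalar, or an array whose KEY it uses as the comparison operator. PHP
// parses a form field named username[KEY] into such an array, so the untrusted
// key lands in the operator slot of the WHERE clause with no escaping at all.
function buildLoginWhereVulnerable(string $column, $value): string
{
    if (is_array($value)) {
        $parts = [];
        foreach ($value as $operator => $operand) {
            // $operator is attacker-controlled and concatenated verbatim
            $parts[] = $column . $operator . "'" . addslashes((string) $operand) . "'";
        }
        return implode(' AND ', $parts);
    }
    return $column . "='" . addslashes((string) $value) . "'";
}

// HARDENED SHAPE: refuse array input at the top of the login check (the article's
// one-line fix) and bind the remaining scalar as a parameter, so user data is never
// spliced into SQL text. Returns the user row, or [] on failure like GetLogin().
function getLoginFixed(PDO $db, $email, $unpass): array
{
    if (is_array($email) || is_array($unpass)) {
        return [];
    }
    $stmt = $db->prepare('SELECT id, email, pass_hash, manager FROM user WHERE email = ? LIMIT 1');
    $stmt->execute([(string) $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // pass_hash + password_verify() is an assumption about how passwords are stored
    if ($row === false || !password_verify((string) $unpass, $row['pass_hash'])) {
        return [];
    }
    unset($row['pass_hash']);
    return $row;
}

// Demo against an in-memory SQLite database holding one constructed account.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, email TEXT, pass_hash TEXT, manager INTEGER)');
$db->prepare('INSERT INTO user (email, pass_hash, manager) VALUES (?, ?, 1)')
   ->execute(['admin@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);
$tampered = ['=0x7c or manager=1 #' => 's'];          // what PHP makes of the renamed field
echo buildLoginWhereVulnerable('email', $tampered), "\n"; // operator slot now carries raw SQL
var_dump(getLoginFixed($db, $tampered, 's'));            // empty array: rejected before any SQL runs
echo getLoginFixed($db, 'admin@example.test', 'correct horse')['email'], "\n"; // admin@example.test
```

The guard alone closes the reported bypass, but only the parameterised query removes the underlying string-concatenation pattern, which is why both are shown together.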
 
For further repair options, refer to information published elsewhere on the Internet.

This article is for reference only. Do not use it to cause any damage.
 
