PHPCMS adsclass. phpSQL injection vulnerability Author: Unknow affected version: phpcms2008sp4_UTF8_100510 program Introduction: Phpcms is a PHP + Mysql-based website content management system and an open-source PHP development platform. Phpcms is developed in modular mode and features are easy to use and easy to expand. It can provide weight for large and medium-sized sites.
PHPCMS system adsclass.PhpSQL Injection Vulnerability Author: Unknow
Affected Versions:
Phpcms2008sp4_UTF8_100510
Program introduction:
Phpcms is a PHP + Mysql-basedArchitectureThe website content management system is also an open source PHP development platform. Phpcms is developed in modular mode and features are easy to use and easy to expand. It provides heavyweight website construction solutions for large and medium-sized websites. Over the past three years, with the rich Web development and database experience accumulated by the Phpcms team for a long time and the brave innovation in pursuing the perfect design concept, Phpcms has been recognized by nearly 0.1 million websites, and is increasingly applied to large and medium-sized commercial websites.
Vulnerability Analysis:
Ads \ I
NcLude \ ads. class. phpfunction
EdIt ($ ads, $ ads
Id, $ Username = '') // 110 rows {if (! $ This-> check_fo
Rm($ Ads) return FALSE; $ ads = $ this-> check_form ($ ads); if (defined ('in _ admin') {$ ads ['from
Date'] = S
TrTo
Time($ Ads ['fromdate']); $ ads ['todate'] = strtotime ($ ads ['todate']);} $ this-> adsid = $ adsid; $ where = 'adsid = '. $ this-> adsid; if ($ username) $ where. = "AND username = '$ username'"; return $ this-> db-> update ($ this-> table, $ ads, $ where);} Ads \ member. phpif (! $ C_ads-> edit ($ info, $ adsid, $ _ username) showmessage ($ c_ads-> msg (), 'goback'); // 47 rows
The variable $ adsid directly enters the SQL query without being processed, resulting in SQL injection.
Vulnerability Exploitation:
1. register an ordinary member
2. subscribe the advertisement and modify the adsid value for SQL injection.
Solution:
Vendor patch:
PHPCMS
-------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.phpcms.cn/