Author: hiphop
QQ: 52938722
When reposting, please credit the source: http://hi.baidu.com/securehiphop/blog/item/456db91291ac440a5aaf53e9.html
Source code download: http://big5.chinaz.com:88/down.chinaz.com/soft/25410.htm
Today I wanted to build a small website so that the brothers in the group could communicate with each other.
But first I wanted to find a simple website and check whether its source code had security problems.
Several problems were discovered, even though the developer uses addslashes. For reference, here is what that function does:
####################
addslashes --- add backslashes to a string
Syntax: string addslashes (string str)
Note:
Adds a backslash before each character that needs to be quoted in database queries and the like, and returns the escaped string. These characters are the single quotation mark ('), the double quotation mark ("), the backslash (\) and NUL (the null byte).
####################
But anyone who has studied this function should know how to bypass it.
I guessed that developers will always forget to filter some piece of data,
and I found one.
It is in the back-end file make-column.php.
Ha
// $_GET["typeid"] is concatenated into the SQL fragment unfiltered and unquoted
$makeSql = " and typeautoid=" . $_GET["typeid"];
$ASql = $_GET["typeid"];
Makecolumn($makeSql);
The developer forgot to filter $_GET["typeid"] here.
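Why addslashes would not help with the snippet above, shown as an added example that is not part of the original post or the CMS's code: the value lands in an unquoted numeric context, so there is no quote character for the function to escape, and the fix is to accept only an integer. The function names buildTypeFilterUnsafe and buildTypeFilterSafe and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not the CMS's code. Function names are hypothetical.

// Same shape as the snippet in the post, with addslashes() applied to show
// that it changes nothing when the value contains no quote, backslash or NUL.
function buildTypeFilterUnsafe(string $typeid): string
{
    return " and typeautoid=" . addslashes($typeid);
}

// Hardened form: accept only a non-negative decimal integer, reject the rest.
function buildTypeFilterSafe(string $typeid): string
{
    $id = filter_var(
        $typeid,
        FILTER_VALIDATE_INT,
        ["options" => ["min_range" => 0]]
    );
    if ($id === false) {
        throw new InvalidArgumentException("typeid must be a non-negative integer");
    }
    return " and typeautoid=" . $id;
}

// Constructed sample inputs: a valid id, an id followed by extra text,
// and an id followed by a quote.
foreach (["7", "7 extra-sql-text", "7'"] as $input) {
    echo "input:  ", var_export($input, true), "\n";
    echo "unsafe: ", buildTypeFilterUnsafe($input), "\n";
    try {
        echo "safe:   ", buildTypeFilterSafe($input), "\n";
    } catch (InvalidArgumentException $e) {
        echo "safe:   rejected (", $e->getMessage(), ")\n";
    }
    echo "\n";
}
```

Where the query layer allows it, binding the value as a parameter in a prepared statement is preferable to building the SQL fragment by concatenation at all.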
The rest I leave to any interested brothers to find on their own.
Zookeeper is as follows: