BUGTRAQ ID:
CNCAN ID:CNCAN-2008070301
AShop Deluxe是一款基于PHP的WEB应用程序。
AShop Deluxe不正确处理用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,可能获得敏感信息或操作数据库。
问题由于脚本对用户提交给'cat'参数缺少过滤,构建恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息或操作数据库。
AShop Deluxe "cat" SQL注入漏洞
Published:2008-07-02
Vulnerable:
AShop Deluxe 4.x
Discription:
SEBUG Solution:
升级到AShop Deluxe 4.8.5:
http://www.ashopsoftware.com/
http://www.ashopsoftware.com/
Exploit:
[www.sebug.net]
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
http://www.sebug.net/exploit/3995
// Sebug.net [ 2008-07-03 ]