
url shortener script 1.0 SQL injection flaw and fix - Website Security

 

Title: url shortener script 1.0 sql injection Vulnerabilities

Author: M.Jock3R HdhCmsTest2cto测试数据

Vendor: http://djpate测试数据/

Download: http://HdhCmsTestphpkode测试数据/scripts/item/url-shortener-script/

Tested on: windows XP Sp2 FR

 

===================================================================================

Vulnerable file: show.php

 

Vulnerable code analysis:

 

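    if($_GET['id']){
        require("mysql.php");
        // addslashes() only escapes quotes, backslashes and NUL bytes
        $id = addslashes($_GET['id']);
        // $id is placed in the query without surrounding quotes, so the escaping above does not confine it to a value
        $getUrl = mysql_query("select url from urls where id = $id");
        // (the advisory's excerpt ends here)
    }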

        

Example:

 

http://HdhCmsTest2cto测试数据/url-shortener-script/show.php?id=[Inj3ct]

 

===================================================================================

Fix: filter the input to this page
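
One way to apply that fix to the `id` lookup, shown as an added example that is not part of the original advisory or the script's own code: validate `id` as an integer, then bind it as a parameter instead of interpolating it. It assumes PHP with the PDO SQLite driver; the function name `lookupUrl`, the in-memory `urls` table and the sample row are constructed for illustration.

```php
<?php
// Added example, not the script's own code.
// The table layout, sample row and test inputs below are constructed.
declare(strict_types=1);

/**
 * Look up the target URL for a short-link id.
 * Returns null when the id is not a positive integer or no row matches.
 */
function lookupUrl(PDO $db, $rawId): ?string
{
    // 1. Validate: accept only a decimal integer >= 1. addslashes() cannot do
    //    this job, because the original query uses $id without quotes.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // 2. Bind: the value travels separately from the SQL text.
    $stmt = $db->prepare('SELECT url FROM urls WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $url = $stmt->fetchColumn();
    return $url === false ? null : (string) $url;
}

// Constructed in-memory database standing in for the script's MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT NOT NULL)');
$db->exec("INSERT INTO urls (id, url) VALUES (1, 'https://example.com/')");

// Constructed inputs: one stored id, one unknown id, then values that are
// not plain positive integers and are rejected before any query runs.
foreach (['1', '2', '1 abc', 'abc', '-1', ''] as $input) {
    $result = lookupUrl($db, $input);
    printf("%-8s => %s\n", var_export($input, true), $result ?? 'rejected or not found');
}
```

Either step alone closes this particular hole; doing both keeps the query safe if the column type or the validation rule changes later.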

 

Greets To :

adelsbm / attiadona  / Wjunction forum

---------------------------------

I Love you Mindy

---------------------------------

Email : madrido.jocker@gmail测试数据

 

THANKS TO ALL ALGERIANS HACK3RS
