  • ecshop /goods.php SQL Injection Vul

    catalogue

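    1. Vulnerability Description
    2. Trigger Conditions
    3. Affected Scope
    4. Vulnerable Code Analysis
    5. Defense Methods
    6. Attack and Defense Considerations

    1. Vulnerability Description
    2. Trigger Conditions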

    0x1: poc

    http://localhost/ecshop2.7.3/goods.php?act=getGoodsInfo&id=2035


    3. Affected Scope
    4. Vulnerable Code Analysis

    /goods.php

    /* Modification start by zhouH */
    if (!empty($_REQUEST['act']) && $_REQUEST['act'] == 'getGoodsInfo')
    {
        include('includes/cls_json.php');
    
        $json   = new JSON;
        $res    = array('err_msg' => '', 'result' => '', 'goods_img' => '');
    
        // The external parameter is received directly, without effective filtering
        $goods_id  = $_REQUEST['id'];
        
        if(!empty($goods_id))
        {
            /* Get the goods information */
            // The external parameter is carried into the SQL query
            $goods = get_goods_info($goods_id);
            
            $res['result'] = $goods;
            ..

    $goods = get_goods_info($goods_id);


    5. Defense Methods

    /goods.php

    /* Modification start by zhouH */
    if (!empty($_REQUEST['act']) && $_REQUEST['act'] == 'getGoodsInfo')
    {
        include('includes/cls_json.php');
    
        $json   = new JSON;
        $res    = array('err_msg' => '', 'result' => '', 'goods_img' => '');
    
        /**/
        $goods_id  = intval($_REQUEST['id']);
        /**/
        
        if(!empty($goods_id))
        {
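
    An added example, not part of the original post or of ECShop's code: intval() neutralizes the injection by coercion, keeping the leading digits of a malformed value rather than rejecting it. The code below instead validates the id strictly and binds it as an integer parameter; parse_goods_id(), lookup_goods() and the in-memory goods table are hypothetical names constructed for illustration, and PHP 7.1+ with the pdo_sqlite extension is assumed.

```php
<?php
// Added example, not ECShop code. parse_goods_id(), lookup_goods() and the
// in-memory "goods" table are hypothetical names constructed for illustration.

/** Return the id only if $raw is a plain positive decimal integer, else null. */
function parse_goods_id($raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null; // e.g. id[]=1 arrives as an array
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up one row with the id bound as an integer parameter. */
function lookup_goods(PDO $pdo, $raw): ?array
{
    $id = parse_goods_id($raw);
    if ($id === null) {
        return null; // reject malformed input instead of querying a coerced value
    }
    $stmt = $pdo->prepare('SELECT goods_id, goods_name FROM goods WHERE goods_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed fixture: SQLite in memory stands in for the shop database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE goods (goods_id INTEGER PRIMARY KEY, goods_name TEXT)');
$pdo->exec("INSERT INTO goods VALUES (2035, 'sample item')");

// Constructed sample values for the id parameter.
$samples = ['2035', '2035abc', '0', '-1', '1e3', ['2035']];
foreach ($samples as $raw) {
    printf(
        "%-12s intval=%-5d strict=%-5s row=%s\n",
        json_encode($raw),
        intval($raw),
        var_export(parse_goods_id($raw), true),
        json_encode(lookup_goods($pdo, $raw))
    );
}
```

    Rejected values return null from parse_goods_id(), which gives the caller a single place to log or count malformed id parameters.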


    6. Attack and Defense Considerations

    Copyright (c) 2016 Little5ann All rights reserved

  • Original article: https://www.cnblogs.com/LittleHann/p/5133830.html