-
-
[转帖]Php Nuke 8.x.x Blind SQL Injection Vulnerability
-
发表于:
2010-8-11 12:21
2467
-
[转帖]Php Nuke 8.x.x Blind SQL Injection Vulnerability
Poc :modules\Web_Links\index.php line:223
function Add($title, $url, $auth_name, $cat, $description, $email) {
global $prefix, $db, $user;
$url = filter($url, "nohtml");
$result = $db->sql_query("SELECT url from ".$prefix."_links_links where
url='$url'");
$numrows = $db->sql_numrows($result);
if ($numrows>0) {......
######################################################################
#Bug : http://site.com/modules.php?name=Web_Links&l_op=Add&url=sql Injection
######################################################################
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
