ecshop /goods.php SQL Injection Vul
catalogue
1. 漏洞描述
2. 漏洞觸發條件
3. 漏洞影響範圍
4. 漏洞代碼分析
5. 防禦方法
6. 攻防思考
1. 漏洞描述
2. 漏洞觸發條件
0x1: poc
http://localhost/ecshop2.7.3/goods.php?act=getGoodsInfo&id=2035
3. 漏洞影響範圍
4. 漏洞代碼分析
/goods.php
/* 修改 start by zhouH*/
if (!empty($_REQUEST['act']) && $_REQUEST['act'] == 'getGoodsInfo')
{
include('includes/cls_json.php');
$json = new JSON;
$res = array('err_msg' => '', 'result' => '', 'goods_img' => '');
//直接接收外部參數,未進行有效過濾
$goods_id = $_REQUEST['id'];
if(!empty($goods_id))
{
/* 獲得商品的資訊 */
//将外部參數帶入SQL查詢
$goods = get_goods_info($goods_id);
res['result'] = $goods;
..
$goods = get_goods_info($goods_id);
5. 防禦方法
/* 修改 start by zhouH*/
if (!empty($_REQUEST['act']) && $_REQUEST['act'] == 'getGoodsInfo')
{
include('includes/cls_json.php');
$json = new JSON;
$res = array('err_msg' => '', 'result' => '', 'goods_img' => '');
/**/
$goods_id = intval($_REQUEST['id']);
/**/
if(!empty($goods_id))
{
6. 攻防思考
Copyright (c) 2016 Little5ann All rights reserved