NexusPHP v1.5 SQL注入漏洞及修复

还是老话不变,多搞搞国外的站

别老丢人拿着满是注入点,上传漏洞的站挂黑页

不是显得你牛逼,只是显得你更傻逼

标题: Nexusphp.v1.5 SQL injection Vulnerability

作者: flyh4t www.92hack.net

下载地址: http://sourceforge.net/projects/nexusphp/

影响版本: nexusphp.v1.5

测试平台: linux+apache

Nexusphp is BitTorrent private tracker scripts written in PHP

源码下载:http://sourceforge.net/projects/nexusphp/

thanks.php存在一些sql注射缺陷

———————–代码分析——————-

//thanks.php

if ($_GET[‘id’])

stderr(“Party is over!”, “This trick doesn’t work anymore. You need to click the button!”);

$userid = $CURUSER[“id”];

$torrentid = $_POST[“id”];

$tsql = sql_query(“SELECT owner FROM torrents where id=$torrentid”);

$arr = mysql_fetch_array($tsql);

———————–end——————-

$_POST[“id”] is not checked, lead a sql injection Vulnerability

———————–测试——————-

_POST[id] : -1 union select version()>4/* www.92hack.net

———————–end ——————-

修复:checked

评论关闭。