phpMyShop compte.php SQL Injection Vulnerability

Vulnerability ID: 1107178    Vulnerability type: SQL injection
Published: 2003-02-03    Updated: 2003-12-31
CVE ID: CVE-2003-1532    CNNVD-ID: CNNVD-200312-443
Platform: PHP    CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/22209
https://cxsecurity.com/issue/WLB-2007110022
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-443
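|Vulnerability details
phpMyShop is a small e-commerce application. phpMyShop does not sufficiently filter user-supplied input, so a remote attacker can supply malicious parameters that alter the SQL logic and gain unauthenticated access to the system. The compte.php script included with phpMyShop does not properly filter the 'identifiant' and 'password' variables. By supplying an SQL expression such as ''='', an attacker can change the logic of the original SQL query so that its condition is always treated as true, which allows a remote attacker to bypass the phpMyShop authentication/registration process and access the system.
|Exploit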
source: http://www.securityfocus.com/bid/6746/info

phpMyShop, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result, attackers may supply malicious parameters to manipulate the structure and logic of SQL queries. 

This vulnerability was reported to exist in the compte.php script file. A remote attacker can exploit this vulnerability to bypass the phpMyShop authentication/registration process.

http://[target]/compte.php?achat=1&valider=1&identifiant='%20OR%20''='&password='%20OR%20''='
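
The PHP sketch below is an added example, not phpMyShop's own code. It shows why concatenating 'identifiant' and 'password' into a query lets the `' OR ''='` value from the URL above make the WHERE clause always true, next to a parameterized form that treats the same value as data. The `clients` table, its columns, the function names and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions for illustration.

```php
<?php
// Added illustration. The table, columns and function names are hypothetical
// and are not taken from phpMyShop's compte.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE clients (identifiant TEXT, password TEXT)");
$db->exec("INSERT INTO clients VALUES ('alice', 'constructed-sample-pw')");

// Vulnerable pattern: request values are concatenated into the SQL text,
// so a quote in the input closes the string literal and the remainder of
// the input is parsed as part of the WHERE clause.
function login_concatenated(PDO $db, string $id, string $pw): bool
{
    $sql = "SELECT COUNT(*) FROM clients"
         . " WHERE identifiant = '$id' AND password = '$pw'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// Hardened pattern: the SQL text is fixed and the values are bound as data,
// so quotes in the input can no longer change the query's structure.
function login_parameterized(PDO $db, string $id, string $pw): bool
{
    $stmt = $db->prepare(
        "SELECT COUNT(*) FROM clients WHERE identifiant = ? AND password = ?"
    );
    $stmt->execute([$id, $pw]);
    return (int) $stmt->fetchColumn() > 0;
}

// URL-decoded parameter value from the advisory URL above.
$payload = "' OR ''='";

// Concatenated: the trailing OR ''='' term is always true, so every row matches.
var_dump(login_concatenated($db, $payload, $payload));
// Parameterized: the payload is compared as a literal string and matches no row.
var_dump(login_parameterized($db, $payload, $payload));
// Parameterized: the constructed legitimate credentials still match.
var_dump(login_parameterized($db, 'alice', 'constructed-sample-pw'));
```

In a real fix the stored password would also be a hash checked with password_verify() rather than compared inside the SQL statement.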
|References

Source: SECTRACK
Name: 1006030
Link: http://www.securitytracker.com/id?1006030
Source: BID
Name: 6746
Link: http://www.securityfocus.com/bid/6746
Source: BUGTRAQ
Name: 20030203phpMyShop(php)
Link: http://www.securityfocus.com/archive/1/archive/1/309921/30/26090/threaded
Source: SREASON
Name: 3348
Link: http://securityreason.com/securityalert/3348
Source: SECUNIA
Name: 7990
Link: http://secunia.com/advisories/7990
Source: NSFOCUS
Name: 4320
Link: http://www.nsfocus.net/vulndb/4320