VULHUB ™

Bloginator是一套PHP脚本，允许用户在网站上显示、添加、编辑和删除文章。 Bloginator的articleCall.php模块没有正确的验证对id参数所传送的输入参数，远程攻击者可以通过提交恶意查询请求执行SQL注入攻击。以下是有漏洞的代码段： [URL] www.site.com/bloginator/articleCall.php $action = @$_GET['action']; [...] $id = $_GET['id']; [...] function editArticle($id,$message) { global $returnLink; $query = "select * FROM articles WHERE id='$id'"; $sql = mysql_query($query) or die(mysql_query()); $title = mysql_result($sql,0,'title'); $title = htmlentities($title); $article = mysql_result($sql,0,'article'); $article = htmlentities($article); $link = mysql_result($sql,0,'link'); $link = htmlentities($link); startHTML("Edit ID # ".$id); ?>

Bloginator是一套PHP脚本，允许用户在网站上显示、添加、编辑和删除文章。 Bloginator的articleCall.php模块没有正确的验证对id参数所传送的输入参数，远程攻击者可以通过提交恶意查询请求执行SQL注入攻击。以下是有漏洞的代码段： [URL] www.site.com/bloginator/articleCall.php $action = @$_GET['action']; [...] $id = $_GET['id']; [...] function editArticle($id,$message) { global $returnLink; $query = "select * FROM articles WHERE id='$id'"; $sql = mysql_query($query) or die(mysql_query()); $title = mysql_result($sql,0,'title'); $title = htmlentities($title); $article = mysql_result($sql,0,'article'); $article = htmlentities($article); $link = mysql_result($sql,0,'link'); $link = htmlentities($link); startHTML("Edit ID # ".$id); ?>