ECShop /api/client/api.php blind SQL injection vulnerability

Official release by: Hongyu Forum (鸿宇论坛)
Forum URL: bbs.hongyuvip.com
Official QQ group: 90664526
Fix: edit the two files as described below, or download the attachment and overwrite the files in the site root.

Open the file <site root>/api/client/includes/lib_api.php (line 246):

function API_UserLogin($post)
{
    $post['username'] = isset($post['UserId']) ? trim($post['UserId']) : '';
    $post['password'] = isset($post['Password']) ? strtolower(trim($post['Password'])) : '';
    /* check whether the password is correct */
    // $post['username'] is not filtered, which causes the blind injection: the parameter is
    // read directly from the raw $_POST without any preprocessing, so the core's input
    // filtering does not cover it.
    // ...

Change it to:

function API_UserLogin($post)
{
    /* SQL injection filter By: Shadow & 鸿宇 E-mail: admin@hongyuvip.com start */
    if (get_magic_quotes_gpc())
    {
        $post['UserId'] = $post['UserId'];   // magic_quotes already escaped it; left unchanged
    }
    else
    {
        $post['UserId'] = addslashes($post['UserId']);
    }
    /* SQL injection filter By: Shadow & 鸿宇 E-mail: admin@hongyuvip.com end */
    $post['username'] = isset($post['UserId']) ? trim($post['UserId']) : '';
    $post['password'] = isset($post['Password']) ? strtolower(trim($post['Password'])) : '';
    // ...
Open the file <site root>/mobile/api/client/includes/lib_api.php (line 246):

function API_UserLogin($post)
{
    $post['username'] = isset($post['UserId']) ? trim($post['UserId']) : '';
    $post['password'] = isset($post['Password']) ? strtolower(trim($post['Password'])) : '';
    /* check whether the password is correct */
    // ...

Change it to:

function API_UserLogin($post)
{
    /* SQL injection filter By: Shadow & 鸿宇 E-mail: admin@hongyuvip.com start */
    if (get_magic_quotes_gpc())
    {
        $post['UserId'] = $post['UserId'];   // magic_quotes already escaped it; left unchanged
    }
    else
    {
        $post['UserId'] = addslashes($post['UserId']);
    }
    /* SQL injection filter By: Shadow & 鸿宇 E-mail: admin@hongyuvip.com end */
    $post['username'] = isset($post['UserId']) ? trim($post['UserId']) : '';
    $post['password'] = isset($post['Password']) ? strtolower(trim($post['Password'])) : '';
    // ...
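Added example, not code from the post or from ECShop: the username lookup behind API_UserLogin rebuilt three ways against an in-memory SQLite table, so the unfiltered form, the post's addslashes() patch and a prepared statement can be compared. The users table, the o'brien row, the function names and the query shape are all assumptions, since the post does not show the query that lib_api.php actually runs.

```php
<?php
// Added example, not ECShop's code: the username lookup from API_UserLogin
// rebuilt against an in-memory SQLite table (the table and its row are
// constructed) to compare the raw, addslashes-patched and parameterized forms.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_name TEXT NOT NULL)");
$pdo->exec("INSERT INTO users (user_name) VALUES ('o''brien')");

// Before the patch: the trimmed UserId goes straight into the SQL string.
function lookupRaw(PDO $pdo, string $username) {
    $sql = "SELECT user_id FROM users WHERE user_name = '" . $username . "'";
    return $pdo->query($sql)->fetchColumn();
}

// The patch from the post, guarded for modern PHP: get_magic_quotes_gpc() was
// deprecated in 7.4 and removed in 8.0, so only the addslashes() branch remains.
function filterUserId(array $post): array {
    $alreadyEscaped = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $post['UserId'] = $alreadyEscaped ? $post['UserId'] : addslashes($post['UserId']);
    return $post;
}

// Robust fix: bind the value and let the driver handle quoting.
function lookupPrepared(PDO $pdo, string $username) {
    $stmt = $pdo->prepare("SELECT user_id FROM users WHERE user_name = ?");
    $stmt->execute([$username]);
    return $stmt->fetchColumn();
}

$post = ['UserId' => " o'brien ", 'Password' => 'Secret'];   // constructed input containing a quote
$username = trim($post['UserId']);
try {
    lookupRaw($pdo, $username);
} catch (PDOException $e) {
    echo "raw: the quote broke the statement: {$e->getMessage()}\n";
}

// addslashes() yields o\'brien, which is MySQL's escape syntax. SQLite has no
// backslash escape, so the same patch fails here: escaping is dialect-specific.
try {
    $escaped = trim(filterUserId($post)['UserId']);
    lookupRaw($pdo, $escaped);
} catch (PDOException $e) {
    echo "addslashes: the escaped value still broke the statement on SQLite\n";
}

// The bound parameter needs no escaping at all and finds the row.
echo "prepared: found user_id " . lookupPrepared($pdo, $username) . "\n";
```

The post's addslashes() patch is a stopgap that only covers UserId and assumes MySQL's escaping rules; binding the value with a prepared statement removes the dependency on both.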
