Download: https://sourceforge.net/projects/blogsmanager/

[0x01] Vulnerability overview:

Blogs Manager <= 1.101 contains SQL injection vulnerabilities. Exploitation requires a registered account. In every affected page the injectable parameter is SearchField, passed to the a=search handler of the list scripts below.

Proof of concept:

https://www.2cto.com /blogs/_authors_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]

https://www.2cto.com /blogs/_blogs_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]

https://www.2cto.com /blogs/_category_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]

https://www.2cto.com /blogs/_comments_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]

https://www.2cto.com /blogs/_policy_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]

https://www.2cto.com /blogs/_rate_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]

https://www.2cto.com /blogs/categoriesblogs_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]

https://www.2cto.com /blogs/chosen_authors_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]

https://www.2cto.com /blogs/chosen_blogs_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]

https://www.2cto.com /blogs/chosen_comments_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]

https://www.2cto.com /blogs/help_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]

Fix:

Filter the parameter input on the pages listed above. Judging by its name, SearchField selects the column to search and therefore most likely ends up in the query as an identifier; identifiers cannot be bound as prepared-statement parameters, so the value must be checked against a fixed allow-list of column names rather than escaped. The SearchFor term should be bound as a prepared-statement parameter, and SearchOption should be mapped to a fixed set of LIKE patterns instead of being interpolated.
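The following is an added example of the fix described above; it is not Blogs Manager's own code and does not reproduce its actual queries. The table name `blogs`, the column names in `SEARCHABLE_FIELDS`, the `SearchOption` values and the `$pdo` connection are all assumptions. It shows the vulnerable pattern the advisory implies next to a hardened version that allow-lists the identifier and binds the search term.

```php
<?php
declare(strict_types=1);

// Hypothetical reconstruction of the vulnerable pattern: both the field name
// and the search term are concatenated straight into SQL. Anything placed in
// SearchField is executed as part of the query. NOT Blogs Manager's real code.
function searchBlogsVulnerable(PDO $pdo, string $field, string $term): array
{
    $sql = "SELECT * FROM blogs WHERE $field LIKE '%$term%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened version.
// Column names a user may search (hypothetical; the real schema differs).
// An identifier cannot be bound as a parameter, so an allow-list is the only
// sound way to accept a user-chosen field name.
const SEARCHABLE_FIELDS = ['title', 'author', 'category'];

// Map SearchOption to a LIKE pattern built from the bound value. LIKE
// wildcards in the term are escaped so a user cannot widen the match;
// MySQL's default LIKE escape character is the backslash.
function buildLikePattern(string $option, string $term): string
{
    $escaped = strtr($term, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);
    switch ($option) {
        case 'Contains':
            return '%' . $escaped . '%';
        case 'StartsWith':
            return $escaped . '%';
        case 'Equals':
            return $escaped;
        default:
            throw new InvalidArgumentException('Unsupported SearchOption');
    }
}

function searchBlogs(PDO $pdo, string $field, string $option, string $term): array
{
    // Strict comparison so values such as "0" cannot pass the check.
    if (!in_array($field, SEARCHABLE_FIELDS, true)) {
        throw new InvalidArgumentException('Invalid SearchField');
    }
    // $field is now one of our own constants; only the pattern is user data,
    // and it travels as a bound parameter rather than as SQL text.
    $sql  = "SELECT * FROM blogs WHERE `$field` LIKE :pattern";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':pattern' => buildLikePattern($option, $term)]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// How a list page's a=search branch would call it (assumes $pdo exists):
// $rows = searchBlogs(
//     $pdo,
//     $_GET['SearchField']  ?? '',
//     $_GET['SearchOption'] ?? 'Contains',
//     $_GET['SearchFor']    ?? ''
// );
```

The same allow-list must be applied on every one of the eleven list scripts in the proof of concept, since each one accepts the same SearchField parameter; fixing only `_blogs_list.php` leaves the other entry points open.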