F.S.F SQL Injection (SQLi) Vulnerability
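// Read the two required query-string parameters, "folder" and "id".
// Each must be present, a plain string and non-empty, otherwise the request
// is rejected with "Bad Request". The is_string() check matters because PHP
// turns ?id[]=x into an array, which would pass a bare != "" comparison and
// then reach later string handling as an array.
// These checks only establish presence and type: both values are still
// untrusted request input and must be validated or bound as parameters
// before they are used in a query or any other sink.
if (!isset($_GET["folder"]) || !is_string($_GET["folder"]) || $_GET["folder"] === "") {
    exit("Bad Request");
}
$folder = $_GET["folder"];

if (!isset($_GET["id"]) || !is_string($_GET["id"]) || $_GET["id"] === "") {
    exit("Bad Request");
}
$id = $_GET["id"];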
------------------------------
example site store:
------------------------------
// Validate all inputs
// Added by SiteStore on January 14,2021 - http://www.sitestore.com/
/**********************
sitestore.com
****************************/
/* Fields:
$folder
$id
*/
// HTML-stripping filter applied to $folder and $id: it removes <script>
// elements and other tags, and decodes a fixed set of HTML entities into raw
// characters.
// NOTE(review): this is markup stripping, not SQL escaping. Nothing below
// escapes or rejects quote characters, and the entity rules decode rather than
// encode, so the filtered $id is still unsafe to concatenate into a query; it
// has to be bound as a parameter (or strictly validated) where the query is
// built.
$search = array ('@<script[^>]*?>.*?</script>@si', // whole <script>...</script> elements
'@<[\/\!]*?[^<>]*?>@si', // any remaining tag
// NOTE(review): as written this needs a line break, one whitespace character
// and a literal space; the trailing space looks like a quantifier lost in
// transcription (the same applies to "\d " in the last pattern) - confirm
// against the deployed file.
'@([\r\n])[\s] @',
'@&(quot|#34);@i', // the entity patterns below are replaced by the raw character
'@&(amp|#38);@i',
'@&(lt|#60);@i',
'@&(gt|#62);@i',
'@&(nbsp|#160);@i',
'@&(iexcl|#161);@i',
'@&(cent|#162);@i',
'@&(pound|#163);@i',
'@&(copy|#169);@i',
// NOTE(review): the /e modifier makes preg_replace() evaluate the replacement
// ('chr(\1)') as PHP code. It was deprecated in PHP 5.5 and removed in PHP 7.0,
// where preg_replace() warns and returns NULL, which would leave $folder and
// $id NULL after the calls below. preg_replace_callback() is the supported
// replacement.
'@&#(\d );@e');
// Replacements, matched to $search by position.
$replace = array ('',
'',
'\1',
'"',
'&',
'<',
'>',
' ',
chr(161),
chr(162),
chr(163),
chr(169),
'chr(\1)');
// Copies of the unfiltered values. Their later use is not visible here.
// NOTE(review): anything that reads $ffolder / $fid is reading raw request
// input.
$ffolder = $folder;
$fid = $id;
// Run the whole pattern list over each value, in array order.
$folder = preg_replace($search, $replace, $folder);
$id = preg_replace($search, $replace, $id);
-----
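// Look up the file_list row whose id equals $id, left-joined to the users row
// referenced by file_list.user_id.
// NOTE(review): $id comes from the request and is concatenated into the
// statement inside single quotes, so the query text is controlled by the
// caller. The API of the $mysql wrapper is not visible here, so the statement
// is left as originally built; it should be converted to a prepared statement
// with $id bound as a parameter, or $id should be validated against the
// column's expected format before this point.
$SQL="SELECT ".DB_PREFIX."users.*, ".DB_PREFIX."file_list.filename, ".DB_PREFIX."file_list.descript ";
$SQL.=" FROM ".DB_PREFIX."file_list LEFT JOIN ".DB_PREFIX."users ON ".DB_PREFIX."file_list.user_id=".DB_PREFIX."users.id";
$SQL.=" WHERE ".DB_PREFIX."file_list.id='".$id."'";
if(!$mysql->query($SQL))
{
    // Keep the driver error in the server log. Echoing it to the client
    // discloses table names and query structure to whoever sent the request.
    error_log("file_list lookup failed: ".$mysql->error);
    exit("Database error");
}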
if($mysql->num<=0)
{
exit("Record not f
Sekian dari saya