ecshop/goods.php SQL Injection Vul

catalogue

1.     
2.       
3.       
4.       
5.     
6.     

 
1.脆弱性記述2.脆弱性トリガ条件
0 x 1:poc

http://localhost/ecshop2.7.3/goods.php?act=getGoodsInfo&id=2035

3.脆弱性影響範囲4.脆弱性コード分析
//goods.php

/*    start by zhouH*/
if (!empty($_REQUEST['act']) && $_REQUEST['act'] == 'getGoodsInfo')
{
    include('includes/cls_json.php');

    $json   = new JSON;
    $res    = array('err_msg' => '', 'result' => '', 'goods_img' => '');

    //        ，       
    $goods_id  = $_REQUEST['id'];
    
    if(!empty($goods_id))
    {
         /*         */
        //       SQL  
            $goods = get_goods_info($goods_id);
        
        res['result'] = $goods;
        ..

$goods=get_goods_info（$goods uuid）
5.防御方法
//goods.php

/*    start by zhouH*/
if (!empty($_REQUEST['act']) && $_REQUEST['act'] == 'getGoodsInfo')
{
    include('includes/cls_json.php');

    $json   = new JSON;
    $res    = array('err_msg' => '', 'result' => '', 'goods_img' => '');

    /**/
    $goods_id  = intval($_REQUEST['id']);
    /**/
    
    if(!empty($goods_id))
    {

6.攻防思考
Copyright（c）2016 Little 5 ann All rights reerved