VULHUB ™

###0x01漏洞描述 惠尔顿上网行为管理系统在页面/base/message/welcome_pc.php对GET参数id过滤不严格，导致出现SQL注入漏洞。 ###0x02漏洞详情 文件：base/message/welcome_pc.php ``` <?php $thisfile = basename($_SERVER['PHP_SELF']); $RootDir = $_SERVER["DOCUMENT_ROOT"].'/base/'; include_once "$RootDir/include/database.php"; $id = $_REQUEST["id"]; $src_url = $_REQUEST["url"]; $user_ip = ($_SERVER["HTTP_VIA"]) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : $_SERVER["REMOTE_ADDR"]; $user_ip = ($user_ip) ? $user_ip : $_SERVER["REMOTE_ADDR"]; $text = "欢迎访问,需要上网请点击'我要上网'!"; if($id!=""){ $sql_info = "select * from tb_welcome_policy where id=".$id; $dataList = $gblDBConnect->getOne($sql_info); $src_url = $dataList->redirect_url!=""?$dataList->redirect_url:$src_url; $text = $dataList->welcome_text; } ?> ``` $id无单引号保护导致注入。 ###0x03修复方案 过滤。

###0x01漏洞描述 惠尔顿上网行为管理系统在页面/base/message/welcome_pc.php对GET参数id过滤不严格，导致出现SQL注入漏洞。 ###0x02漏洞详情 文件：base/message/welcome_pc.php ``` <?php $thisfile = basename($_SERVER['PHP_SELF']); $RootDir = $_SERVER["DOCUMENT_ROOT"].'/base/'; include_once "$RootDir/include/database.php"; $id = $_REQUEST["id"]; $src_url = $_REQUEST["url"]; $user_ip = ($_SERVER["HTTP_VIA"]) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : $_SERVER["REMOTE_ADDR"]; $user_ip = ($user_ip) ? $user_ip : $_SERVER["REMOTE_ADDR"]; $text = "欢迎访问,需要上网请点击'我要上网'!"; if($id!=""){ $sql_info = "select * from tb_welcome_policy where id=".$id; $dataList = $gblDBConnect->getOne($sql_info); $src_url = $dataList->redirect_url!=""?$dataList->redirect_url:$src_url; $text = $dataList->welcome_text; } ?> ``` $id无单引号保护导致注入。 ###0x03修复方案 过滤。