File In/Class_UserCommand.asp:

    strMonth=Request("month")    ' line 63: taken straight from the request, no validation
    strDay=Request("day")
    ' ......
    Case "month"                 ' line 84
        Dim LastDay
        G_P_FileName = G_P_FileName & "month&month=" & strMonth
        strDay=Left(strMonth,4) & "-" & Right(strMonth,2) & "-01"
        mYear=Left(strMonth,4)
        mMonth=Right(strMonth,2)
        If InStr ("01,03,05,07,08,10,12",mMonth)> 0 Then
            LastDay = "31"
        ' ......
        Else                     ' line 109
        ' ......
        ' strMonth is concatenated into the SQL string unescaped (concatenation operators restored here)
        SqlPart = " And Addtime >='" & strMonth & "01' AND Addtime < '" & strMonth & LastDay & "' "

Constructing a suitable value for the strMonth variable allows SQL injection.

Oblog 4.5-4.6 SQL injection

Vendor patch: oblog
----------
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's homepage: http://www.oblog.cn/
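For contrast with the vulnerable branch above, the following is an added example of a hardened form, not code from Oblog or from this advisory. It keeps the Addtime column named in the advisory; the function names, the table name BlogTable and the connection object conn are assumptions made for this illustration.

```vbscript
' Added example, not Oblog code: hardened replacement for the "month" branch.
' Assumptions: an open ADODB.Connection named conn and a table named BlogTable.

' Accept only a six-digit YYYYMM value with a real month (01-12). Anything
' else, including quotes or SQL keywords, is rejected before any SQL is built.
Function IsValidMonth(strMonth)
    Dim re
    Set re = New RegExp
    re.Pattern = "^\d{4}(0[1-9]|1[0-2])$"
    IsValidMonth = re.Test(strMonth)
End Function

' Compute the half-open range [first day of month, first day of next month).
' Letting DateAdd roll the month over removes the hand-written LastDay table,
' which is where the original branch elides its February/30-day handling.
Sub MonthBounds(strMonth, ByRef dtStart, ByRef dtEnd)
    dtStart = DateSerial(CInt(Left(strMonth, 4)), CInt(Right(strMonth, 2)), 1)
    dtEnd = DateAdd("m", 1, dtStart)
End Sub

Dim strMonth, dtStart, dtEnd, cmd, rs
strMonth = Request("month")
If Not IsValidMonth(strMonth) Then
    Response.Write "Invalid month parameter."
    Response.End
End If
MonthBounds strMonth, dtStart, dtEnd

' Parameterised query: the two dates are bound as values by ADO, so request
' content never becomes part of the SQL text (contrast SqlPart above).
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn          ' assumed: an open ADODB.Connection
cmd.CommandType = 1                      ' adCmdText
cmd.CommandText = "SELECT * FROM BlogTable WHERE Addtime >= ? AND Addtime < ?"
' 7 = adDate, 1 = adParamInput; the size argument is not needed for date parameters
cmd.Parameters.Append cmd.CreateParameter("pStart", 7, 1, , dtStart)
cmd.Parameters.Append cmd.CreateParameter("pEnd", 7, 1, , dtEnd)
Set rs = cmd.Execute
```

Even with the parameterised query, the strict format check stays in place so that a malformed month value is rejected with a clear error instead of reaching the database.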