WordPress插件CevherShare2.0SQL注射缺陷及修复网站

影响版本: WordPress CevherShare 2.0 plugin

开发者: http://phpkode.com/

下载 地址: http://phpkode.com/download/s/cevhershare.zip

测试平台: Ubuntu- Linux

缺陷代码页面：cevhershare/cevhershare-admin.php

测试:

http://www.2cto.com /wp-content/plugins/cevhershare/cevhershare-admin.php?id=[SQL-Injection]

$id = $_GET[&＃39;id&＃39;] ? $_GET[&＃39;id&＃39;] : $_POST[&＃39;id&＃39;];

       $pos = $_GET[&＃39;pos&＃39;] ? $_GET[&＃39;pos&＃39;] : $_POST[&＃39;pos&＃39;];

       $status = $_GET[&＃39;status&＃39;] ? $_GET[&＃39;status&＃39;] : $_POST[&＃39;status&＃39;];

       $task = $_GET[&＃39;t&＃39;] ? $_GET[&＃39;t&＃39;] : $_POST[&＃39;t&＃39;];

       $do = $_POST[&＃39;do&＃39;];

       if($do == "update-lang"){

              $uplang = $_POST[&＃39;update-lang&＃39;];

              update_option(&＃39;cevhershare_language&＃39;,$uplang);

       }www.2cto.com

       if($id)     $item = $wpdb->get_row("SELECT * FROM ".$wpdb->prefix."cevhershare WHERE id=$id");

       if($do == &＃39;update&＃39;) $wpdb->query("UPDATE ".$wpdb->prefix."cevhershare SET enabled=&＃39;".$_POST[&＃39;enabled&＃39;]."&＃39;, position=&＃39;".$_POST[&＃39;position&＃39;]."&＃39;, name=&＃39;".$_POST[&＃39;name&＃39;]."&＃39;, big=&＃39;".$_POST[&＃39;big&＃39;]."&＃39;, small=&＃39;".$_POST[&＃39;small&＃39;]."&＃39; WHERE id=&＃39;$id&＃39;");

       elseif($do == &＃39;add&＃39;) $wpdb->query("INSERT INTO ".$wpdb->prefix."cevhershare (position, name, big, small) VALUES(&＃39;".$_POST[&＃39;position&＃39;]."&＃39;,&＃39;".$_POST[&＃39;name&＃39;]."&＃39;, &＃39;".$_POST[&＃39;big&＃39;]."&＃39;, &＃39;".$_POST[&＃39;small&＃39;]."&＃39;)");

       elseif($do == &＃39;delete&＃39;) $wpdb->query("DELETE FROM ".$wpdb->prefix."cevhershare WHERE id=$id LIMIT 1");

       elseif($do == &＃39;reset&＃39;) cevhershare_reset();

       elseif($do == &＃39;settings&＃39;){

修复：过滤