SiteLock SQL injection & XSS scan failed


Posted: 2017-10-11 22:10:46

Question:

Hi, I bought SiteLock and they say my site failed the SQL injection and XSS scans.

SQL injection: URL: https://www.sitename.com/product.php?id=1 Description: injection point: GET; injected parameter: id; injection type: numeric

XSS scan: URL: https://www.sitename.com/product.php?id=1 Description: id

I don't know how to address this, can someone help me?

Below is my PHP function that pulls the data from the database.

function get_products_in_cat_page() {
    // id is concatenated into the SQL unquoted, so escape_string() cannot protect
    // this numeric context; this is the query SiteLock flagged
    $query = query("SELECT * FROM products WHERE product_category_id = " . escape_string($_GET['id']));
    confirm($query);

    if (mysqli_num_rows($query) == 0) {
        set_message("Will update soon the new products");
    } else {
        while ($row = fetch_array($query)) {
            $product_image  = display_image($row['product_s_image1']);
            $product_image2 = display_image($row['product_s_image2']);
            if ($row['product_quantity'] < 1) {
                $outofstock = "<div class='sale-flash out-of-stock'>Out of Stock</div>";
            } else {
                $outofstock = "";
            }

            // {$row['key']}: braces are required to index an array with a quoted key
            // inside a heredoc; the values are echoed without htmlspecialchars()
            $product = <<<DELIMETER
<div class="product clearfix" style="padding:8px;">
    <div class="product-image">
        <a href="product.php?id={$row['product_id']}"><img src="images/$product_image" class="selected"></a>
        <a href="product.php?id={$row['product_id']}"><img src="images/$product_image2"></a>
        $outofstock
        <div class="product-overlay">
            <a href="include/ajax/quick_view.php?id={$row['product_id']}" class="add-to-cart" data-lightbox="ajax"><i class="icon-shopping-cart"></i><span>Quick View</span></a>
            <a href="product.php?id={$row['product_id']}" class="item-view"><i class="icon-zoom-in2"></i><span> More info.</span></a>
        </div>
    </div>
    <div class="product-desc center">
        <a href="product.php?id={$row['product_id']}">
        <div class="product-title"><h3 style="font-size:15px;">{$row['product_title']}</h3></div>
        </a>
        <div class="product-price">&#36;{$row['product_price']}</div>
        <div class="product-rating">

        </div>
    </div>
</div>
DELIMETER;

            echo $product;
        }
    }
}



Answer 1:

mysqli_real_escape_string works better, but in your case casting $_GET['id'] to an integer is more than enough:

$query = query("SELECT * FROM products WHERE product_category_id = " . (int)$_GET['id']);

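A hardened version of the flagged function, added here as an example; it is not part of the original question or answer. It keeps the column names from the posted code, and assumes an existing mysqli connection in `$db` (with mysqlnd, for `get_result()`). The `escape_string()` wrapper from the question is simulated with `addslashes()` so the comparison of escaping versus casting runs without a database. It goes a step beyond the answer's `(int)` cast: invalid ids are rejected outright, the id is bound through a prepared statement, and every value echoed into the HTML is encoded.

```php
<?php
// Added example, not the question's or answer's code. Three layers that cover
// both scanner findings on product.php?id=...:
//   1. validate id as a positive integer before it reaches any query,
//   2. bind it with a prepared statement instead of string concatenation,
//   3. HTML-encode every value that is echoed into the page.
declare(strict_types=1);

// Why escaping is not enough for a numeric parameter: the value is not quoted
// in the SQL, so a payload with no quote characters passes through escaping
// untouched. addslashes() stands in for the question's escape_string() wrapper
// (assumption) so this runs without a database.
function build_query_by_escaping(string $id): string
{
    return "SELECT * FROM products WHERE product_category_id = " . addslashes($id);
}

// The fix proposed in the answer: an int cast keeps only the leading digits.
function build_query_by_cast(string $id): string
{
    return "SELECT * FROM products WHERE product_category_id = " . (int) $id;
}

// Stricter than a cast: reject anything that is not a positive integer instead
// of silently truncating "1 OR 1=1" to 1. Returns null so the caller can send
// a 404 rather than run any query at all.
function category_id_from_request(array $get): ?int
{
    $id = filter_var($get['id'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Output encoding for HTML text and attribute contexts.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Prepared-statement version of the query from get_products_in_cat_page().
// The id is bound as an integer, so it can never change the SQL's structure.
// $db is an assumed existing mysqli connection.
function fetch_products_in_category(mysqli $db, int $categoryId): array
{
    $stmt = $db->prepare(
        'SELECT product_id, product_title, product_price, product_quantity,
                product_s_image1, product_s_image2
           FROM products WHERE product_category_id = ?'
    );
    $stmt->bind_param('i', $categoryId);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Render one product card with every dynamic value encoded for its context.
function render_product_card(array $row): string
{
    $id    = (int) $row['product_id'];                               // integer in a URL
    $title = h((string) $row['product_title']);                      // HTML text context
    $price = h((string) $row['product_price']);
    $img   = h('images/' . basename((string) $row['product_s_image1'])); // attribute context, no path traversal
    $stock = ((int) $row['product_quantity'] < 1)
        ? "<div class='sale-flash out-of-stock'>Out of Stock</div>"
        : '';
    return <<<HTML
<div class="product clearfix">
    <a href="product.php?id={$id}"><img src="{$img}" alt="{$title}"></a>
    {$stock}
    <div class="product-title"><h3>{$title}</h3></div>
    <div class="product-price">&#36;{$price}</div>
</div>
HTML;
}

// Stand-alone demonstration with a constructed payload; no database needed.
$payload = '1 OR 1=1';
echo build_query_by_escaping($payload), "\n";            // the injected condition survives escaping
echo build_query_by_cast($payload), "\n";                // the cast discards everything after the digit
var_dump(category_id_from_request(['id' => $payload]));  // rejected: null
var_dump(category_id_from_request(['id' => '42']));      // accepted as an int
echo render_product_card([
    'product_id'       => 7,
    'product_title'    => '<script>alert(1)</script>',   // constructed XSS payload from the DB
    'product_price'    => '9.99',
    'product_quantity' => 0,
    'product_s_image1' => 'a.png',
]), "\n";
```

The validation step is the one that answers the scanner: a `(int)` cast makes `id=1 OR 1=1` behave like `id=1`, which stops the injection but still serves a page for malformed input, whereas rejecting it lets the application respond with a 404 and log the attempt. Binding the parameter even though it is already an integer costs nothing and keeps the query safe if the column type or the validation ever changes. The XSS finding on `id` points at output, not input: wherever the parameter or data derived from it ends up in HTML (the posted code echoes `product_title` and the image names straight from the database), it has to pass through `htmlspecialchars()` for the context it lands in.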
