phpcms2008注射0day

2008年10月17日星期五 | | |

   
 
 
漏洞存在于ask/search.php文件,以下是漏洞代码:

if($keywords)
{
$where .= " AND title LIKE '%$keywords%'";
}
$infos = $ask->listinfo($where, 'askid DESC', $page, 20);
下面我们来看看listinfo()过程的代码:

function listinfo($where = '', $order = '', $page = 1, $pagesize = 50)
{
if($where) $where = " Where $where";
if($order) $order = " orDER BY $order";
$page = max(intval($page), 1);
$offset = $pagesize*($page-1);
$limit = " LIMIT $offset, $pagesize";
$r = $this->db->get_one("Select count(*) as number FROM $this->table $where");

Oh yeah!!注射漏洞就这么产生了,以下是测试语句:

http://demo.phpcms.cn/ask/search.php?keywords=蟎'
 
   

0 评论:

发表评论

订阅: 博文评论 (Atom)

所有文章收集于网络,如果有牵扯到版权问题请与本站站长联系。谢谢合作![email protected]

 
Glossy Blue by N.Design Studio
Blogger Templates by Blogcrowds | Glossy Blue Blogger Template