-
-
[转帖]再次 Espcms通杀SQL注入漏洞分析
-
发表于:
2013-3-18 21:34
1477
-
.还是 文件search.php的问题。第52行的$att数组中$key未过滤。
if (is_array($att) && count($att) > 0) {
foreach ($att as $key => $value) {
if ($value) {
$value = $this->fun->codecon($value, 'bg');
$db_where .= ' AND b.' . $key . '=\'' . $value . '\'';
$urlstr .= '&attr[' . $key . ']=' . urlencode($value);
}
}
}
eg:
8d7K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3I4G2j5$3q4D9K9r3!0K6N6q4)9J5c8X3g2K6M7r3y4E0M7#2)9#2k6Y4g2@1k6U0S2Q4y4h3j5#2i4K6u0W2y4W2)9J5k6e0p5K6i4K6u0W2x3o6y4Q4x3X3f1I4x3g2)9#2k6X3u0Q4x3V1k6#2M7r3I4G2j5h3c8Q4x3V1k6A6L8X3c8W2P5q4)9J5k6i4m8Z5M7q4)9K6c8X3q4U0i4K6y4p5M7$3g2S2M7X3y4Z5i4K6t1$3j5i4c8Q4x3@1c8D9K9i4y4@1i4K6t1$3j5i4c8@1i4K6g2n7i4K6N6n7f1#2q4x3i4K6N6p5i4K6g2p5i4K6y4p5j5K6m8V1k6i4m8D9j5i4V1`.
seay牛给出exp。我就滤过!
[培训]科锐逆向工程师培训第53期2025年7月8日开班!
