口福科技网上订餐系统平台版SQL注入漏洞

  • A+
所属分类:漏洞时代
摘要

source/index/shopse.php
[php]
extract($_GET);//变量覆盖$gid=intval($_GET[‘gid’]);$gcate[$gid]=$gcate[$gid]?$gcate[$gid]:0;

source/index/shopse.php
[php]
extract($_GET);//变量覆盖

$gid=intval($_GET['gid']);

$gcate[$gid]=$gcate[$gid]?$gcate[$gid]:0;

$_GET['a']=$_GET['a']?htmlspecialchars(trim($_GET['a'])):'index';

switch($_GET['a'])

{

case 'index':

$userid=intval($_SESSION['ssuser']['userid']);

//区域选择

$provinces=provinces($cksiteid);

$smarty->assign("provinces",$provinces);

if($_GET['provinceid'])

{

$_GET['provinceid']=intval($_GET['provinceid']);

$citys=citys(intval($_GET['provinceid']));

$towns=towns(intval($_GET['cityid']));

$smarty->assign("citys",$citys);

$smarty->assign("towns",$towns);

}

//店铺类目

$_GET['catid']=intval($_GET['catid']);

!empty($gcate[$gid]) && $catlist=$db->getAll("SELECT * FROM ".table('shop_cat')." WHERE catid IN(".$gcate[$gid].") ORDER BY orderindex ASC ");//注入[/php]

测试 http://0day5.com/koufu/index.php?m=shopse&a=index&gcate[1]=ss&gid=1

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: