phpcms_v9.5.2 database and table name disclosure [ CodeSec-2014-0003 ]
Posted on 2014-2-20 11:52:05

Developer vulnerability alert: phpcms_v9.5.2 database and table name disclosure [ CodeSec-2014-0003 ]

Vulnerability ID: CodeSec-2014-0003

Title: phpcms_v9.5.2 database and table name disclosure

Type: sensitive information disclosure

Severity: low

Status: published, contacting the author...

Details:
see the post body

Fix:
exception handling

Source:
www.phpcms.cn

Forum backup of the source:
http://pan.baidu.com/s/1kT3DZKz

Developer response: none yet

/phpcms/modules/mood/index.php
// submit the selected mood
public function post() {
    // the JSONP callback name is restricted to identifier characters
    if (isset($_GET['callback']) && !preg_match('/^[a-zA-Z_][a-zA-Z0-9_]+$/', $_GET['callback'])) unset($_GET['callback']);
    $mood_id =& $this->mood_id;
    $setting =& $this->setting;
    $cookies = param::get_cookie('mood_id');
    $cookie = explode(',', $cookies);
    if (in_array($this->mood_id, $cookie)) {
        $this->_show_result(0, L('expressed'));
    } else {
        $mood_db = pc_base::load_model('mood_model');
        // filter: the only check on k is that it is a non-zero integer
        $key = isset($_GET['k']) && intval($_GET['k']) ? intval($_GET['k']) : '';
        if (empty($key)) {
            showmessage((L('illegal_parameters')));
        }

        // the integer becomes part of a column name (n1, n2, ...) with no check that
        // such a column exists; a k with no matching column makes the update/insert
        // fail, and the raw database error discloses the database and table name
        $fields = 'n'.$key;
        if ($data = $mood_db->get_one(array('catid'=>$this->catid, 'siteid'=>$this->siteid, 'contentid'=>$this->contentid))) {
            $mood_db->update(array('total'=>'+=1', $fields=>'+=1', 'lastupdate'=>SYS_TIME), array('id'=>$data['id']));
            $data['total']++;
            $data[$fields]++;
        } else {
            $mood_db->insert(array('total'=>'1', $fields=>'1', 'catid'=>$this->catid, 'siteid'=>$this->siteid, 'contentid'=>$this->contentid, 'lastupdate'=>SYS_TIME));
            $data['total'] = 1;
            $data[$fields] = 1;
        }
        param::set_cookie('mood_id', $cookies.','.$mood_id);
        foreach ($setting as $k=>$v) {
            $setting[$k]['fields'] = 'n'.$k;
            if (!isset($data[$setting[$k]['fields']])) $data[$setting[$k]['fields']] = 0;
            if (isset($data['total']) && !empty($data['total'])) {
                $setting[$k]['per'] = ceil(($data[$setting[$k]['fields']]/$data['total']) * 60);
            } else {
                $setting[$k]['per'] = 0;
            }
        }
        ob_start();
        include template('mood', 'index');
        $html = ob_get_contents();
        ob_clean();
        $this->_show_result(1,$html);
    }
}
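The following is an added example, not phpcms code, showing the two-part fix the advisory points at: accept only a k that matches one of the configured moods (the keys of $setting) before building a column name, and catch database errors so the driver's message never reaches the client. It assumes $setting is keyed by mood index as in post() above, uses a constructed in-memory SQLite table with the same n1/n2/n3 column shape, and the function names mood_field and record_vote are the example's own.

```php
<?php
// Added example (not phpcms code): whitelist the mood index and swallow DB
// error text, so an unknown column can neither be requested nor reported.
declare(strict_types=1);

// Constructed stand-in for phpcms's mood configuration: three moods -> columns n1..n3.
$setting = [
    1 => ['name' => 'like'],
    2 => ['name' => 'sad'],
    3 => ['name' => 'angry'],
];

// Return the counter column for a requested mood index, or null when the index is
// not a configured mood. Only keys of $setting are accepted, so the column name
// can never refer to a column that does not exist in the table.
function mood_field(array $setting, $k): ?string
{
    if (!is_string($k) && !is_int($k)) {
        return null;
    }
    // Plain positive integer only: no sign, no whitespace, no trailing garbage
    // (intval() would silently accept "99abc" or "1 OR 1").
    if (!preg_match('/^[1-9][0-9]{0,3}$/', (string) $k)) {
        return null;
    }
    $key = (int) $k;
    return array_key_exists($key, $setting) ? 'n' . $key : null;
}

// Increment a vote counter. Returns [status, message]; on a database error the
// message is a fixed string, so driver text (which names the database and
// table) is logged server-side but never sent to the user.
function record_vote(PDO $db, array $setting, $k, int $contentid): array
{
    $field = mood_field($setting, $k);
    if ($field === null) {
        return [0, 'illegal_parameters'];
    }
    try {
        // $field is whitelisted above; every other value is a bound parameter.
        $stmt = $db->prepare(
            "UPDATE mood SET total = total + 1, $field = $field + 1 WHERE contentid = :cid"
        );
        $stmt->execute([':cid' => $contentid]);
        return [1, 'ok'];
    } catch (PDOException $e) {
        error_log('mood vote failed: ' . $e->getMessage());
        return [0, 'internal_error'];
    }
}

// Constructed in-memory schema mirroring the mood table's counter columns
// (assumes the pdo_sqlite extension is available).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mood (id INTEGER PRIMARY KEY, contentid INTEGER,
           total INTEGER DEFAULT 0, n1 INTEGER DEFAULT 0,
           n2 INTEGER DEFAULT 0, n3 INTEGER DEFAULT 0)');
$db->exec('INSERT INTO mood (contentid) VALUES (42)');

// A configured mood index updates the counter.
print_r(record_vote($db, $setting, '2', 42));
// An index with no configured mood (the original code would build column n99
// and let the database error through) is rejected before any SQL runs.
print_r(record_vote($db, $setting, '99', 42));
print_r(record_vote($db, $setting, '1 OR 1', 42));
```

The whitelist is the part that removes the root cause: with it in place no request can name a column that is absent from the table, and the catch block is the defence in depth the advisory's "exception handling" refers to, covering any other database failure so that the client only ever sees a generic message.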