网站地图    收藏   

主页 > 后端 > 网站安全 >

74cms逻辑漏洞导致sql注入及修复2 - 网站安全 - 自

来源:自学PHP网    时间:2015-04-16 23:15 作者: 阅读:

[导读] include fun_personal php(346-373)$resume_work=get_resume_work($uid,$pid);$resume_training=get_resume_training($uid,$pid);$resume_photo=$resume_basic[ 39;photo_img 39;];if (!empty($resume_work)...

/include/fun_personal.php(346-373)
 
$resume_work=get_resume_work($uid,$pid);

$resume_training=get_resume_training($uid,$pid);

$resume_photo=$resume_basic['photo_img'];

if (!empty($resume_work))$percent=$percent+13;

if (!empty($resume_training))$percent=$percent+13;

if (!empty($resume_photo))$percent=$percent+14;

$setsqlarr['complete']=1;

$setsqlarr['complete_percent']=$percent;

require_once(QISHI_ROOT_PATH.'include/splitword.class.php');

$sp = new SPWord();



$setsqlarr['key']=$resume_basic['intention_jobs'].$resume_basic['recentjobs'].$resume_basic['specialty']; 

echo $setsqlarr['key']."<br>";

$setsqlarr['key']="{$resume_basic['fullname']} ".$sp->extracttag($setsqlarr['key']);

$setsqlarr['key']=str_replace(","," ",$resume_basic['intention_jobs'])." {$setsqlarr['key']} {$resume_basic['education_cn']}";

$setsqlarr['key']=$sp->pad($setsqlarr['key']);



if (!empty($resume_education))

{

foreach($resume_education as $li)

{

$setsqlarr['key']="{$li['school']} {$setsqlarr['key']} {$li['speciality']}";

}

}

$setsqlarr['refreshtime']=$timestamp;

}



updatetable(table('resume'),$setsqlarr,"uid='{$uid}' AND id='{$pid}'");

 

 
 
当执行到$resume_work=get_resume_work($uid,$pid); 然后执行到$setsqlarr['key']=$sp->pad($setsqlarr['key']);对此之前存入数据库的数据原封不动的获取出来,当数据流向updatetable(table('resume'),$setsqlarr,"uid='{$uid}' AND id='{$pid}'");故而触发sql注入漏洞
 
 
 
具体发送请求如图所示:
 
根据此逻辑过程,完全就变成一个最为普通的sql注入了,所以读者可以想干什么,就干什么
 
修复方案:
在get_resume_work这个函数返回时候做转义
 
或者在$sp->pad函数返回时候做转义即可

自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

京ICP备14009008号-1@版权所有www.zixuephp.com

网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

添加评论