来源:自学PHP网 时间:2015-04-17 13:03 作者: 阅读:次
[导读] 漏洞页面:member/post.php?phpdefine(ROOTPATH, ../);include(ROOTPATH.includes/common.inc.php);include(language/.$sLan..php);include(ROOTPATH.member/includes/member.inc.php);$act = $......
|
漏洞页面:member/post.php
<?php define("ROOTPATH", "../"); include(ROOTPATH."includes/common.inc.php"); include("language/".$sLan.".php"); include(ROOTPATH."member/includes/member.inc.php"); $act = $_POST['act']; switch($act){ ...略 //读取头像 case "loadface": SecureMember(); $memberid=$_COOKIE["MEMBERID"]; $fsql->query("select nowface from {P}_member where memberid='$memberid'");//这里触发sql注入漏洞 如1'and '1'='1 if($fsql->next_record()){ $nowface=$fsql->f('nowface'); } echo $nowface; exit; break; } 转自:http://www.90sec.org/thread-1865-1-1.html www.2cto.com提供修复 加强过滤 |
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com
