来源:未知 时间:2015-04-15 13:42 作者:xxadmin 阅读:次
[导读] php云两处二次注入 最新版。两个注入点。顺带一个绕过waf的小技巧。 第一处:/member/model/index.class.php 39行 function index_action(){$this->public_action();$this->member_satic(); $this->com_cache();$resume = $this->...
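php云两处二次注入 最新版。两个注入点。顺带一个绕过waf的小技巧。
下面依次贴出四段代码(前后两段及第三段均为节选,未贴完整):saveexpect_action 把整个 $_POST 写入 resume_expect;过滤函数 gpc2sql;com_action 把从 zhaopinhui_com 表取出的 jobid 直接拼进 SQL;zphcom_action 把 $_GET['jobid'] 未做整数校验就写入 zhaopinhui_com。所谓二次注入,就是数据入库时经过了过滤,但再次从库中取出拼接 SQL 时没有重新校验。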
// Excerpt of the handler that saves a resume "expect" record, as quoted on the page.
// The listing is cut off inside the `if ($nid)` branch, so the closing braces are not shown.
function saveexpect_action()
{
if($_POST['submit'])
{
// eid is cast to int, so the id placed in $where below is always numeric.
$eid=(int)$_POST['eid'];
unset($_POST['submit']);
unset($_POST['eid']);
unset($_POST['urlid']);
// Only `name` is re-encoded (UTF-8 -> GBK); every other POST field stays exactly as submitted.
$_POST['name'] = iconv("utf-8", "gbk", $_POST['name']);
$where['id']=$eid;
$where['uid']=$this->uid;
$_POST['lastupdate']=time();
// $eid is an int at this point; `0 == ""` is true only before PHP 8, so this
// "no id posted -> create a new row" test depends on the PHP version in use.
if($eid=="")
{
// Number of rows this user already owns, checked against the configured per-user limit.
$num=$this->obj->DB_select_num("resume_expect","`uid`='".$this->uid."'");
// Debug output left in the listing.
var_dump($num);
if($num>=$this->config['user_number'])
{
echo 1;die;
}
// uid is overwritten with the session user's id, so a posted uid cannot reassign ownership.
$_POST['uid']=$this->uid;
// NOTE(review): the whole request array is handed to insert_into, so the client decides
// which fields are written and with what content (presumably keys become column names;
// confirm in insert_into, which is not shown). Whatever filtering ran on the way in, the
// stored values must still be treated as untrusted when they are read back and reused in
// a later query. An explicit allow-list of fields with per-field validation removes the
// dependency on a request-level filter.
$nid=$this->obj->insert_into("resume_expect",$_POST);
if ($nid)
{
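/**
 * Request filter quoted on the page: a keyword deny-list followed by substring rewriting.
 *
 * If either argument matches the keyword pattern, the request ends with
 * exit(safe_pape()); otherwise a fixed table of substitutions is applied to $str.
 * $str2 is only checked; it is never rewritten or returned.
 *
 * NOTE(review): a deny-list like this is not SQL escaping. Assuming it is applied to
 * incoming request data only (confirm at the call site), it gives no protection when a
 * stored value is later read back and concatenated into another query. Cast or bind
 * values at every query instead of relying on this function.
 *
 * @param string $str  value to check and rewrite (presumably a request value; confirm at the call site)
 * @param string $str2 second value, checked against the same keyword pattern
 * @return string $str after all substitutions
 */
function gpc2sql($str,$str2) {
    if(preg_match("/select|insert|update|delete|union|into|load_file|outfile/is", $str))
    {
        exit(safe_pape());
    }
    if(preg_match("/select|insert|update|delete|union|into|load_file|outfile/is", $str2))
    {
        exit(safe_pape());
    }
    // NOTE(review): the page's HTML rendering had decoded the entities in the last four
    // replacement values (leaving `"<"=>"<"` and an unterminated `"""`); they are restored
    // here as &lt; &gt; &quot; &acute; and should be confirmed against the vendor source.
    // The select/update/union/delete/insert entries can never apply: the case-insensitive
    // deny-list above has already ended the request for any input containing those words.
    $arr=array(
        " and "=>" an d ",
        " or "=>" Or ",
        "%20"=>" ",
        "select"=>"Select",
        "update"=>"Update",
        "count"=>"Count",
        "chr"=>"Chr",
        "truncate"=>"Truncate",
        "union"=>"Union",
        "delete"=>"Delete",
        "insert"=>"Insert",
        "<"=>"&lt;",
        ">"=>"&gt;",
        "\""=>"&quot;",
        "'"=>"&acute;",
        "--"=>"- -",
    );
    foreach($arr as $key=>$v){
        // Each key is used verbatim as a case-insensitive pattern; none of the keys in the
        // table above contains a regex metacharacter, so no quoting is needed for them.
        $str = preg_replace('/'.$key.'/isU',$v,$str);
    }
    return $str;
}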
// Excerpt of the job-fair detail handler as quoted on the page; the listing stops before
// the function's closing brace.
function com_action()
{
$this->job_cache();
// The id is cast to int before it is placed in the query text.
$row=$this->obj->DB_select_once("zhaopinhui","`id`='".(int)$_GET['id']."'");
$this->yunset("row",$row);
$where="`zid`='".(int)$_GET['id']."' and status='1'";
// Debug output left in the listing.
var_dump($where);
// Request values are copied uncast into the pagination URL parameters.
$urlarr["c"]=$_GET['c'];
$urlarr["id"]=$_GET['id'];
$urlarr["page"]="{{page}}";
$pageurl=$this->url("index",$_GET['m'],$urlarr,"1");
$rows=$this->get_page("zhaopinhui_com",$where." order by id desc",$pageurl,"13");
if(is_array($rows)){
foreach($rows as $key=>$v){
$rows[$key]['comname']=$this->obj->get_comname($v['uid']);
// NOTE(review): $v['jobid'] is a column read from zhaopinhui_com and is concatenated,
// unquoted, into the `in (...)` list. Data coming out of the database is not trusted
// input just because it was filtered on the way in: zphcom_action (quoted further down
// the page) writes this column from a request parameter without forcing each element to
// an integer. Rebuild the list from integer casts at this point, e.g.
// implode(',', array_map('intval', explode(',', $v['jobid']))), or use bound parameters.
$rows[$key]['job']=$this->obj->DB_select_all("company_job","id in (".$v['jobid'].") and `status`<>'1' and `r_status`<>'2'","name,id");
}
}
// Excerpt of the handler that signs a company up for a job fair, as quoted on the page;
// the listing stops after the insert, inside the final else branch.
function zphcom_action()
{
// Gate: requires a logged-in uid and username, a `usertype` cookie equal to 2, and a uid
// request parameter equal to the session uid. Both comparisons are loose (!=), and the
// usertype value is read from a client-supplied cookie.
if(!$this->uid || !$this->username || $_COOKIE['usertype']!=2 || $this->uid!=$_GET['uid'])
{
$arr['status']=0;
// Message: "You are not a company user or have not logged in; please log in first."
$arr['content']=iconv("gbk","utf-8","您不是企业用户或者还没有登录,<a href='index.php?m=login&usertype=2'>请先登录</a>");
}elseif(!$_GET['pid']){
$arr['status']=0;
// Message: "You have not selected a job fair."
$arr['content']=iconv("gbk","utf-8","你没有选择招聘会");
}elseif(!$_GET['jobid']){
$arr['status']=0;
// Message: "You have not selected a position yet."
$arr['content']=iconv("gbk","utf-8","你还没有选择职位");
// Duplicate check: here uid and pid are cast to int before being used in the query text.
}elseif(is_array($this->obj->DB_select_once("zhaopinhui_com","uid='".(int)$_GET['uid']."' and zid='".(int)$_GET['pid']."'"))){
$arr['status']=0;
// Message: "You have already joined this job fair."
$arr['content']=iconv("gbk","utf-8","您已经参与该招聘会");
}else{
// Splits the jobid parameter on commas and de-duplicates the pieces. No piece is checked
// to be an integer; in_array() is used without its strict flag.
$jobidarr=@explode(",",$_GET['jobid']);
$array=array();
foreach($jobidarr as $v){
if(!in_array($v,$array)){
$array[]=$v;
}
}
// NOTE(review): unlike the duplicate check above, uid and pid are stored from the raw
// request values rather than from $this->uid and an (int) cast.
$sql['uid']=$_GET['uid'];
$sql['zid']=$_GET['pid'];
// NOTE(review): this comma-joined string is what com_action later places inside
// `id in (...)`. Keep only integer ids before storing it, e.g.
// array_filter(array_map('intval', $array)), so the stored column can only ever hold
// digits and commas.
$sql['jobid']=@implode(",",$array);
// mktime() with no arguments returns the current timestamp on the PHP versions of the
// time; time() is the equivalent call, and PHP 8 no longer accepts mktime() without arguments.
$sql['ctime']=mktime();
$sql['status']=0;
$id=$this->obj->insert_into("zhaopinhui_com",$sql);