来源:自学PHP网 时间:2015-04-15 15:00
[导读] admin/affiliate_ck.php if ($_REQUEST['act'] == 'list') { $logdb = get_affiliate_ck(); $smarty->assign('full_page', 1); $smarty->assign('ur_he...
admin/affiliate_ck.php
// Admin "list" action of admin/affiliate_ck.php: fetches the affiliate log via
// get_affiliate_ck() and hands display values to the Smarty template.
// Excerpt only: the closing brace of this branch is not shown on the page.
if ($_REQUEST['act'] == 'list')
{
// No arguments are passed: get_affiliate_ck() reads $_REQUEST / $_GET itself.
$logdb = get_affiliate_ck();
$smarty->assign('full_page', 1);
$smarty->assign('ur_here', $_LANG['affiliate_ck']);
// $separate_on is set outside this excerpt.
$smarty->assign('on', $separate_on);
/*
 * Builds the filter array and the extra SQL conditions ($sqladd) for the affiliate
 * log list from request parameters.
 *
 * Excerpt only: the function is cut off after the auid check, so the query itself
 * and the return value are not visible here.
 */
function get_affiliate_ck()
{
// NOTE(review): unserialize() on a configuration value; where $_CFG['affiliate'] is
// written is not visible here - confirm it can never hold attacker-controlled data.
$affiliate = unserialize($GLOBALS['_CFG']['affiliate']);
empty($affiliate) && $affiliate = array();
// If $affiliate was just reset to an empty array, these indexes do not exist.
$separate_by = $affiliate['config']['separate_by'];
$sqladd = '';
if (isset($_REQUEST['status']))
{
// status is cast to int before being concatenated into the SQL fragment.
$sqladd = ' AND o.is_separate = ' . (int)$_REQUEST['status'];
$filter['status'] = (int)$_REQUEST['status'];
}
if (isset($_REQUEST['order_sn']))
{
// NOTE(review): order_sn is only trim()med before being concatenated into the LIKE
// pattern; no escaping is visible in this excerpt, so any quoting would have to happen
// elsewhere - confirm, and escape the value (LIKE wildcards included) before it
// reaches the query.
// This assignment uses '=' rather than '.=', so it replaces the status condition
// built above instead of adding to it.
$sqladd = ' AND o.order_sn LIKE \'%' . trim($_REQUEST['order_sn']) . '%\'';
$filter['order_sn'] = $_REQUEST['order_sn'];
}
if (isset($_GET['auid']))
{
// Excerpt ends here: how auid is used in the query is not shown on the page, although
// auid is the parameter the page's test section exercises for this file.
漏洞2:
admin/agency.php
// Admin "list" action of admin/agency.php: loads the agency list via get_agencylist()
// and hands the rows, filter and paging values to the Smarty template.
// Excerpt only: the closing brace of this branch is not shown on the page.
if ($_REQUEST['act'] == 'list')
{
$smarty->assign('ur_here', $_LANG['agency_list']);
$smarty->assign('action_link', array('text' => $_LANG['add_agency'], 'href' => 'agency.php?act=add'));
$smarty->assign('full_page', 1);
// No arguments are passed: get_agencylist() reads sort_by / sort_order from $_REQUEST itself.
$agency_list = get_agencylist();
$smarty->assign('agency_list', $agency_list['agency']);
// The filter array, which carries the request-supplied sort_by / sort_order, is handed
// to the template as well.
$smarty->assign('filter', $agency_list['filter']);
$smarty->assign('record_count', $agency_list['record_count']);
$smarty->assign('page_count', $agency_list['page_count']);
/*
 * Builds the paging filter and the SELECT statement for the agency list.
 *
 * Excerpt only: the function is cut off inside the else branch, so query execution
 * and the return value are not visible here.
 */
function get_agencylist()
{
$result = get_filter();
// get_filter() returning false selects the branch that builds a fresh filter and query.
if ($result === false)
{
/* Initialize the paging parameters */
$filter = array();
// NOTE(review): sort_by and sort_order come from $_REQUEST with only trim() applied and
// are interpolated into the ORDER BY clause below. Quoting does not help in that
// position; restrict sort_by to a fixed list of column names and sort_order to
// ASC / DESC before building the query.
$filter['sort_by'] = empty($_REQUEST['sort_by']) ? 'agency_id' : trim($_REQUEST['sort_by']);// both of these parameters are injectable
$filter['sort_order'] = empty($_REQUEST['sort_order']) ? 'DESC' : trim($_REQUEST['sort_order']);
/* Count the total number of records and compute the page count */
$sql = "SELECT COUNT(*) FROM " . $GLOBALS['ecs']->table('agency');
$filter['record_count'] = $GLOBALS['db']->getOne($sql);
$filter = page_and_size($filter);
/* Query the records */
// The request-derived sort values are embedded in the SQL text here without validation.
$sql = "SELECT * FROM " . $GLOBALS['ecs']->table('agency') . " ORDER BY $filter[sort_by] $filter[sort_order]";
// NOTE(review): presumably stores the filter and SQL for later get_filter() calls - if so,
// the unvalidated ORDER BY text is stored too; confirm against set_filter().
set_filter($filter, $sql);
}
else
{
// Excerpt ends mid-statement on the page.
$sql = $result
测试方法
127.0.0.1/ec/admin/affiliate_ck.php?act=list&auid=1'
测试方法
127.0.0.1/ec/admin/agency.php?act=list
POST 提交sort_by=111111'