记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

B2Bbuilder B2B网站管理系统之注入 2013/03/30

2013-07-01 15:15

##########################################

# Title: B2Bbuilder B2B网站管理系统之注入漏洞

# Time:2013/03/30

# Team:c0deplay

#######################################

源码下载地址:

http://down.chinaz.com/soft/24224.htm



程序:B2Bbuilder B2B网站管理系统 v6.6 正式版 20130225



<?php

/**

* powered by b2bbuilder

* Coprighty http://www.b2b-builder.com

* Auter:brad zhang;

* Des:Reveiw

*/

include_once("includes/global.php");

include_once("includes/smarty_config.php");

//===============================================

if (!empty($_GET['ctype']))

{

if ($_GET['ctype']==1)

$sql="select title from ".NEWSD." where nid=".$_GET['conid'];

if ($_GET['ctype']==2)

$sql="select title from ".INFO." where id=".$_GET['conid'];

if ($_GET['ctype']==3)

$sql="select pname as title from ".PRO." where id=".$_GET['conid'];

if ($_GET['ctype']==4)

$sql="select title from ".EXHIBIT." where id=".$_GET['conid'];

if ($_GET['ctype']==5)

$sql="select downname as title from ".down." where id=".$_GET['conid'];

if ($_GET['ctype']==7)

$sql="select projecttitle as title from ".PROJECT." where id=".$_GET['conid'];

$db->query($sql);

$titlemsg=$db->fetchRow();

$titlem=$titlemsg['title'];

$tpl->assign("tmsg",$titlem);

}

$sql="select a.*,b.user from ".COMMENT." a left join ".ALLUSER." b on a.fromuid=b.userid

where a.conid=".intval($_GET['conid'])." and a.ctype=".intval($_GET['ctype']);

//---------------

include_once("includes/page_utf_class.php");

$page = new Page;

$page->listRows=20;

if (!$page->__get('totalRows'))

{

$db->query($sql);

$page->totalRows = $db->num_rows();

}

$sql .= " limit ".$page->firstRow.",20";

//-----------------------------

$db->query($sql);

$review["page"]=$page->prompt();

$review["list"]=$db->getRows();

$tpl->assign("revdetail",$review);

include_once("footer.php");

$tpl->display("rewiew_detail.htm",$flag)

?>

 
 
 
conid未过滤产生注入 
 
 
 
 
修复方案:


过滤
 

知识来源: www.2cto.com/Article/201307/224051.html

阅读:90876 | 评论:0 | 标签:注入

想收藏或者和大家分享这篇好文章→复制链接地址

“B2Bbuilder B2B网站管理系统之注入 2013/03/30”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

关注公众号hackdig,学习最新黑客技术

推广

工具

标签云