漏洞发者:落叶纷飞
dedecms漏洞还有几个 打算每天发布一个了
-----------------------------------------------------------------------------
注射group/search.php
................................................................................................
if(empty($sad)) $sad = "t";
if(empty($keyword)){
ShowMsg("错误,请输入搜索关键字!","-1");
exit();
}
if($sad=="g"){
$searchtable = "#@__groups";
$WhereSql = "WHERE ishidden=0 AND groupname like '%".$keyword."%'";
$Orders = "ORDER BY stime DESC";
}else{
$searchtable = "#@__group_threads";
$WhereSql = "WHERE closed=0 AND subject like '%".$keyword."%'";
$Orders = "ORDER BY lastpost DESC";
}
..............................................................................................