时间: 2020-10-10|tag: 61次围观|0 条评论

ECSHOP 后台 SQL 注入漏洞,刚挖的,热乎的。之前分次提交,是因为一边挖一边提交的。问题文件:admin/favourable.php

if ($_REQUEST['act'] == 'list')

{

    admin_priv('favourable');





function favourable_list()

{echo 22222222222222;

    $result = get_filter();

    if ($result === false)

    {

        /* 过滤条件 */

        $filter['keyword']    = empty($_REQUEST['keyword']) ? '' : trim($_REQUEST['keyword']);

        if (isset($_REQUEST['is_ajax']) && $_REQUEST['is_ajax'] == 1)

        {

            $filter['keyword'] = json_str_iconv($filter['keyword']);

        }

        $filter['is_going']   = empty($_REQUEST['is_going']) ? 0 : 1;

        $filter['sort_by']    = empty($_REQUEST['sort_by']) ? 'act_id' : trim($_REQUEST['sort_by']);//参数没过滤

        $filter['sort_order'] = empty($_REQUEST['sort_order']) ? 'DESC' : trim($_REQUEST['sort_order']);



        $where = "";

        if (!empty($filter['keyword']))

        {

            $where .= " AND act_name LIKE '%" . mysql_like_quote($filter['keyword']) . "%'";

        }

        if ($filter['is_going'])

        {

            $now = gmtime();

            $where .= " AND start_time <= '$now' AND end_time >= '$now' ";

        }



        $sql = "SELECT COUNT(*) FROM " . $GLOBALS['ecs']->table('favourable_activity') .

                " WHERE 1 $where";

        $filter['record_count'] = $GLOBALS['db']->getOne($sql);



        /* 分页大小 */

        $filter = page_and_size($filter);



        /* 查询 */

        $sql = "SELECT * ".

                "FROM " . $GLOBALS['ecs']->table('favourable_activity') .

                " WHERE 1 $where ".

                " ORDER BY $filter[sort_by] $filter[sort_order] ".//直接带入查询

                " LIMIT ". $filter['start'] .", $filter[page_size]";

 

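测试方法:127.0.0.1/ec/admin/favourable.php?act=query&sort_by='1&id=1

修复方案: 你猜。(从上面贴出的代码看,sort_by 和 sort_order 只做了 trim(),随后直接拼进 ORDER BY 子句。列名和排序方向不能用预处理语句的参数绑定,所以应对 sort_by 做允许列名的白名单校验,sort_order 只接受 ASC 或 DESC,其余输入一律回退到默认值 act_id / DESC。另外,list 分支里有 admin_priv('favourable') 权限检查,而 query 分支的代码没有贴出,是否同样要求后台权限需要对照源码确认。)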
