行业之星0.87 vote.php注入及修复 - 网站安全 - 自学

 

Team:t00ls Author: Cond0r

代码。

vote.php

 

    if($_REQUEST['op'] == 'poll') {

            if($_POST['op'] && $_POST['vtid']) //得Post提交上去

            {

                    /* 判断是否已经投过票24 =86400 小时限制*/

                    $times = 11600;

                    $add_ip = true;

            $ip = real_ip();   www.2cto.com

            $db_table = $pre."vote_ip";

                $sql = "SELECT add_time FROM ".$pre."vote_ip

                           where vtid = ".$_POST['vtid']."  //vtid没过滤

                               AND ip = '$ip'

                               AND domain_id=".$_SESSION[$un_domain_id].

                               " ORDER BY vipid desc 

                               LIMIT 1 ";

                $Aip = $oPub->selectrow($sql);

 

www.2cto.com修复：针对上述代码过滤vtid

查看更多关于行业之星0.87 vote.php注入及修复 - 网站安全 - 自学的详细内容...