漏洞页面:member/post.php(act=loadface 分支存在 SQL 注入,注入点为 Cookie 中的 MEMBERID)
<?php
// Excerpt of member/post.php: dispatches on the POSTed "act" value.
// Only the "loadface" case is shown; the listing elides the other cases.
define("ROOTPATH", "../");
include(ROOTPATH."includes/common.inc.php");
// NOTE(review): $sLan is set outside this excerpt. If a request can influence it,
// this include path needs an allow-list of known language names - confirm.
include("language/".$sLan.".php");
include(ROOTPATH."member/includes/member.inc.php");
// Taken straight from the request body with no isset() check.
$act = $_POST['act'];
switch($act){
// The next line is the listing's own omission marker ("omitted"), not PHP code.
...略
// Load the member's avatar
case "loadface":
// Defined outside this excerpt; presumably enforces a logged-in member - confirm.
// Nothing visible here shows it validating or normalising the MEMBERID cookie.
SecureMember();
// MEMBERID is read from a cookie, so the value is fully client-controlled.
$memberid=$_COOKIE["MEMBERID"];
// The cookie value is interpolated into the SQL text inside single quotes with no
// escaping or type check, so a quote character in the cookie changes the query structure.
// Mitigation: take the member id from server-side session state, or validate it
// strictly (e.g. integer-only, if ids are numeric - confirm) and pass it through a
// bound parameter / the DB layer's escaping instead of string interpolation.
// "{P}_" looks like a table-prefix placeholder expanded by the DB wrapper - confirm.
$fsql->query("select nowface from {P}_member where memberid='$memberid'");//SQL injection is triggered here, e.g. 1'and '1'='1
if($fsql->next_record()){
$nowface=$fsql->f('nowface');
}
// $nowface is not assigned in this excerpt when no row matches.
// The value is echoed raw, which makes the query result directly observable to the
// client; if nowface can hold user-supplied text it also needs output encoding - confirm.
echo $nowface;
exit;
// Unreachable after exit.
break;
}