简单CMS多处SQL注入漏洞

1,注射一
[php]
/**
 * Account-update action, quoted as an excerpt: the listing stops before the
 * method's closing brace, so anything after the echo is not shown.
 *
 * Security-relevant flow visible in this excerpt: $_POST['name'] and
 * $_POST['id'] are copied into $name / $id with no validation or casting and
 * are then interpolated into the condition strings handed to where().
 * $name lands inside single quotes, $id in an unquoted numeric position.
 * The request shown after this listing marks `id` as the injectable field;
 * `name` is built the same way.
 *
 * NOTE(review): the fix is to cast/validate id as an integer and to pass
 * conditions in the framework's array or bound-parameter form rather than a
 * hand-built string. The exact API depends on the framework version, which
 * the page does not state.
 */
public function accountAction() {
    // presumably a ThinkPHP-style M() helper returning a model for the named table — confirm
    $user_mod = M ( "User" );
    // Profile fields are taken from the POST body as-is.
    $data ['name'] = $_POST ["name"];
    $data ['age'] = $_POST ["age"];
    $data ['sex'] = $_POST ["sex"];
    $data ['info'] = $_POST ["info"];
    // "请选择" is compared as the unselected placeholder of each region field; such a field contributes an empty string.
    $province = ($_POST ['province'] == "请选择") ? '' : $_POST ['province'];
    $city = ($_POST ['city'] == "请选择") ? '' : "|" . $_POST ['city']; ;
    $county = ($_POST ['county'] == "请选择") ? '' : "|" . $_POST ['county']; ;
    $data ['address'] = $province . $city . $county;
    $name = $_POST ["name"];
    $id = $_POST ["id"]; // read from the request; not cast to int
    // Request-controlled $name is interpolated inside a quoted SQL condition.
    $user_info = $user_mod->where ( "name='$name' and is_del=0" )->find (); // lookup
    // Request-controlled $id is interpolated unquoted into the condition.
    $oldUname = $user_mod->where ( "id=$id and is_del=0" )->getField ( "name" );
    // NOTE(review): prints the raw condition string; looks like debug output
    // added for the demonstration — confirm it is not in the shipped code.
    echo "id=$id and is_del=0" ;
[/php]
http://127.0.0.1/jd/index.php?a=accountAction&m=Uc&g=Home&id=1
post id=1%Inject_Here%

2,注射二
[php]
/**
 * Removes an item from the current user's likes and decrements the counters.
 *
 * Security-relevant flow visible here: $_GET['id'] and $_COOKIE['id'] are
 * interpolated unquoted into three where() condition strings (the delete and
 * both setDec calls). The request shown after this listing marks the `id`
 * cookie as the injectable field; the `id` query parameter is built the same way.
 *
 * The acting user id is read from a cookie, which is client-supplied.
 * NOTE(review): unless the cookie is signed or verified elsewhere (not
 * visible here), the uid should come from server-side session state, and
 * both ids should be cast to integers before use.
 */
public function likeItemsDel() {
    $items_mod = M ( "Items" );
    $user_mod = M ( "User" );
    $items_id = $_GET ['id'];   // query-string value, not cast to int
    $uid = $_COOKIE ['id'];     // client-supplied cookie used as the user id
    $items_likes_mod = M ( "Items_likes" );
    // Both request-controlled values reach the condition of a DELETE.
    $del = $items_likes_mod->where ( "items_id=$items_id and uid=$uid" )->delete ();
    if ($del) {
        $items_mod->where ( "id=$items_id" )->setDec ( 'likes', 1 ); // decrement the item's like count by 1
        $user_mod->where ( "id=$uid" )->setDec ( 'likes_num', 1 );
        $url = get_url ( 'like', '', 'user' );
        header ( 'location:' . $url );
    }
}
[/php]
http://127.0.0.1/jd/index.php?a=likeItemsDel&m=Uc&g=Home&id=1
Accept: */*
Cookie: id=1%Inject_Here%
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) Havij

3,注射三
[php]
/**
 * Removes an item from an album after comparing the album owner with the
 * `id` cookie.
 *
 * Security-relevant flow visible here: $_GET['aid'] and $_GET['id'] are
 * interpolated unquoted into the where() strings used for the owner lookup
 * and for the delete. The owner lookup runs before the ownership check, so
 * the unvalidated `aid` reaches a query whatever the check decides.
 *
 * NOTE(review): the ownership check uses a loose `==` against a
 * client-supplied cookie. It should compare with a server-side session user
 * id using strict comparison, and both ids should be cast to integers.
 */
public function albumItemsDel() {
    // Sets the TOKEN_ON config value to false for this action.
    // NOTE(review): in ThinkPHP this setting controls form-token validation —
    // confirm; if so, this state-changing GET runs without it.
    C ( 'TOKEN_ON', false );
    $items_id = $_GET ['id']; // read from the query string; not cast to int
    $aid = $_GET ['aid'];     // read from the query string; not cast to int
    $items_mod = M ( "Items" );
    $album_mod = M ( "Album" );
    $album_items_mod = M ( "Album_items" );
    // Request-controlled $aid is interpolated unquoted into the owner lookup.
    $uid = $album_mod->where ( "id=$aid and is_del=0" )->getField ( "uid" );
    // NOTE(review): prints the raw condition string; looks like debug output
    // added for the demonstration — confirm it is not in the shipped code.
    echo "id=$aid and is_del=0";
    if ($uid == $_COOKIE ['id']) {
        // Both request-controlled values reach the condition of a DELETE.
        $del = $album_items_mod->where ( "pid=$aid and items_id=$items_id" )->delete ();
        if ($del) {
            $url = get_url ( 'albumDetail', $aid, 'user' );
            header ( 'location:' . $url );
        }
    }
}
[/php]
http://127.0.0.1/jd/index.php?a=albumItemsDel&m=Uc&g=Home&aid=1
