Two SQL injections in the latest version of KPPW.

Published: 2025-04-13
Revised: 2025-04-13

### Brief description:

Second-order injection.

### Detailed description:

#1 /www/control/user/account_basic.php

```
.....
$arrMemberExts = kekezu::get_table_data ( "*", "witkey_member_ext", " type='sect' and uid= ".$gUid, "", "", "", "k" );
........
if ($sect) {
	foreach ( $sect as $k => $v ) {
		if ($arrMemberExts [$k])
			// update branch: $v and $k reach the statement through sprintf, with no kekezu::escape() call here
			db_factory::execute ( sprintf ( " update %switkey_member_ext set v1='%s' where k='%s' and uid='%d'", TABLEPRE, $v, $k, $gUid ) );
		else {
			// insert branch: only $v is passed through kekezu::escape(); $k is set as received
			$ext_obj = new Keke_witkey_member_ext_class ();
			$ext_obj->setK ( $k );
			$ext_obj->setV1 ( kekezu::escape ( $v ) );
			$ext_obj->setUid ( $gUid );
			$ext_obj->setType ( 'sect' );
			$ext_obj->create_keke_witkey_member_ext ();
		}
	}
}
```

Following the call into create_keke_witkey_member_ext():

```
function create_keke_witkey_member_ext(){
	$data = array();
	if(!is_null($this->_ext_id)){
		$data['ext_id']=$this->_ext_id;
	}
	if(!is_null($this->_uid)){
		$data['uid']=$this->_uid;
	}
	if(!is_null($this->_k)){
		$data['k']=$this->_k;
	}
	if(!is_null($this->_v1)){
		$data['v1']=$this->_v1;
	}
	if(!is_null($this->_v2)){...
```
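One way to write the loop from `account_basic.php` so that neither the array key nor the value ever becomes SQL text, and so that a value read back from the table is bound again before reuse. This is an added example, not KPPW's code or an official fix; the PDO connection, `save_sect()`, the key allowlist and the demo data are assumptions.

```php
<?php
// Hypothetical allowlist of profile keys the form may write (assumption).
const ALLOWED_SECT_KEYS = ['qq', 'msn', 'phone'];

function save_sect(PDO $db, int $uid, array $sect): void
{
    $find = $db->prepare(
        "SELECT ext_id FROM witkey_member_ext WHERE type = 'sect' AND uid = ? AND k = ?");
    $update = $db->prepare('UPDATE witkey_member_ext SET v1 = ? WHERE ext_id = ?');
    $insert = $db->prepare(
        "INSERT INTO witkey_member_ext (uid, k, v1, type) VALUES (?, ?, ?, 'sect')");

    foreach ($sect as $k => $v) {
        // Array keys are request-controlled as well: drop anything unexpected.
        if (!in_array($k, ALLOWED_SECT_KEYS, true) || !is_string($v)) {
            continue;
        }
        $find->execute([$uid, $k]);
        $extId = $find->fetchColumn();
        $find->closeCursor();
        if ($extId !== false) {
            $update->execute([$v, $extId]);       // value is bound, never concatenated
        } else {
            $insert->execute([$uid, $k, $v]);     // key and value are both bound
        }
    }
}

// Constructed demo on an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE witkey_member_ext
           (ext_id INTEGER PRIMARY KEY, uid INTEGER, k TEXT, v1 TEXT, v2 TEXT, type TEXT)');

// Constructed input: one value containing a quote, one key outside the allowlist.
save_sect($db, 7, ['qq' => "a'b", "k'x" => 'dropped']);
save_sect($db, 7, ['qq' => "c'd"]);               // second call takes the UPDATE branch

// Rows read back from the table are still untrusted input: bind them again.
$stored = $db->query('SELECT k, v1 FROM witkey_member_ext WHERE uid = 7')
             ->fetchAll(PDO::FETCH_ASSOC);
$again = $db->prepare('SELECT COUNT(*) FROM witkey_member_ext WHERE k = ?');
foreach ($stored as $row) {
    $again->execute([$row['k']]);
    printf("%s => %s (rows with this key: %d)\n", $row['k'], $row['v1'], $again->fetchColumn());
}
```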

No Exp or PoC is currently available.
There are currently 0 affected-product records.