Discuz x3.2 front-end GET-based SQL injection vulnerability (bypasses the global WAF)

Published: 2025-04-13
Revised: 2025-04-13

/source/include/misc/misc_stat.php, line 46:

```
if(!empty($_GET['xml'])) {
	$xaxis = '';
	$graph = array();
	$count = 1;
	$begin = dgmdate($beginunixstr, 'Ymd');
	$end = dgmdate($endunixstr, 'Ymd');
	$field = '*';
	if(!empty($_GET['merge'])) {
		if(empty($_GET['types'])) {
			$_GET['types'] = array_merge($cols['login'], $cols['forum'], $cols['tgroup'], $cols['home'], $cols['space']);
		}
		// $_GET['types'] comes from the request and is concatenated into $field
		// with no validation; $field is then passed to fetch_all() below.
		$field = 'daytime,`'.implode('`+`', $_GET['types']).'` AS statistic';
		$type = 'statistic';
	}
	foreach(C::t('common_stat')->fetch_all($begin, $end, $field) as $value) {
		$xaxis .= "<value xid='$count'>".substr($value['daytime'], 4, 4)."</value>";
		if($type == 'all') {
			foreach ($cols as $ck => $cvs) {
				if($ck == 'login') {
					$graph['login'] .= "<value xid='$count'>$value[login]</value>";
					$graph['register'] .= "<value xid='$count'>$value[register]</value>";
				} else {
					$num = 0;
					foreach ($cvs as $cvk) {
						$num = $value[$cvk] + $num;
					}
					$graph[$ck] .= "<value xid='$count'>".$num."</value>";
				}
			}
		} else {
			//var_dump($value);exit;...
```
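One way to close the hole visible in the excerpt, shown as an added example that is not Discuz code or an official patch: accept only `types` values that exactly match column names already listed in `$cols` before building `$field`. The helper name `build_stat_field` and the sample `$cols` contents are assumptions made for illustration.

```php
<?php
// Added example, not Discuz code. $cols is a constructed sample; the real
// column groups are defined elsewhere in misc_stat.php.
$cols = array(
    'login' => array('login', 'register'),
    'forum' => array('thread', 'post'),
);

/**
 * Hypothetical helper: build the merged-statistic field list from
 * request-supplied column names, keeping only exact allowlist matches.
 */
function build_stat_field(array $cols, $requested)
{
    // Flatten the known column groups into a single allowlist.
    $allowed = array();
    foreach ($cols as $group) {
        $allowed = array_merge($allowed, $group);
    }
    $allowed = array_values(array_unique($allowed));

    // A missing or non-array parameter falls back to every known column.
    if (!is_array($requested) || !$requested) {
        $requested = $allowed;
    }

    $safe = array();
    foreach ($requested as $name) {
        // Strict match: nested arrays, numbers and near-matches are dropped.
        if (is_string($name) && in_array($name, $allowed, true)) {
            $safe[] = $name;
        }
    }
    if (!$safe) {
        return null; // nothing valid requested: the caller should skip the query
    }
    return 'daytime,`' . implode('`+`', array_unique($safe)) . '` AS statistic';
}

// Constructed inputs: a legitimate request, then one whose value is not a column name.
var_dump(build_stat_field($cols, array('login', 'post')));
var_dump(build_stat_field($cols, array('login` AS x')));
```

Because the check is an exact match against server-side names, it does not depend on a WAF or on quoting rules to keep request data out of the SQL text.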

No Exp or PoC currently available
There are currently 0 affected-product entries