CmsEasy 5.6 /celive/live/header.php SQL注入漏洞

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

<p>整个漏洞详情在书安杂志中进行了详细的说明。</p><p>链接:<a href="https://www.secbook.net" rel="nofollow">https://www.secbook.net</a></p><p></p><p>在_parseObjXml 凼数中$rootTag 就是传入的 xml 中的第一个标签,返里判断是 xjxobj&nbsp;还是 xjxquery</p><p>当$rootTag 为 xjxquery&nbsp;时<br></p><p>将传入的参数内容通过 parse_str 处理 parse_str($sQuery, $aArray);</p><p>然后当 get_magic_quotes_gpc() == 1 == on的时候候,将传入的参数值反转义<br></p><pre data-lang="php" class="lang-php">$newArray[$sKey] = stripslashes($sValue);</pre><p>进入postdata函数。</p><pre data-lang="php" class="lang-php">function Postdata($a) { global $db; $chatid = $_SESSION['chatid']; $name = $_SESSION['name']; $a['detail'] = htmlspecialchars($a['detail']); if (!get_magic_quotes_gpc()) { $a['detail'] = addslashes($a['detail']); } $detail = $a['detail'] . ' (' . date('Y-m-d H:i:s', time()) . ')'; $sql = "INSERT INTO `detail` (`chatid`,`detail`,`who_witter`) VALUES('" . $chatid . "','" . $detail . "','2')"; $db-&gt;query($sql); $input = "&lt;span class=\"vschat\"&gt;&lt;b&gt;" . $name . ":&lt;/b&gt; " ....

0%
暂无可用Exp或PoC
当前有0条受影响产品信息