FineCMS 最新版sql注入一枚(无防御)

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### 简要描述: FineCMS 最新版sql注入一枚 厂商不会又说6月份已经修复吧,我说了这只是一个开始.............................................................................................. ### 详细说明: 直接看代码: member/controllers/pm.php:(lines:27-37): ``` public function index() { if (IS_POST) { if ($this->input->post('action') == 'read') { $this->pm_model->set_read($this->uid, $this->input->post('ids')); exit(dr_json(1, lang('000'))); } else { $this->pm_model->deletes($this->uid, $this->input->post('ids')); exit(dr_json(1, lang('000'))); } } ``` 发现了没有这里有一行: $this->pm_model->set_read($this->uid, $this->input->post('ids')); 跟进去看一下: pm_modle.php(lines:150-190): ``` public function set_read($uid, $ids) { if (!$ids) { return NULL; } foreach ($ids as $plid) { echo "UPDATE ".$this->db->dbprefix('pm_members')." SET isnew=0 WHERE plid=$plid AND uid=$uid AND isnew=1"; $this->db ->query("UPDATE ".$this->db->dbprefix('pm_members')." SET isnew=0 WHERE plid=$plid AND uid=$uid AND isnew=1"); } } ```...

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息