TinyShop SQL Injection 2

Published: 2025-04-13
Revised: 2025-04-13

### Brief description: Parameters are not filtered, leading to injection

### Detailed description:

The problem is in /protected/controllers/ucenter.php:

```php
public function info_save() {
    $rules = array('name:required:昵称不能为空!','real_name:required:真实姓名不能为空!','sex:int:性别必需选择!','birthday:date:生日日期格式不正确!','mobile:mobi:手机格式不正确','phone:phone:电话格式不正确');
    $info = Validator::check($rules);
    if(is_array($info)){
        $this->redirect("info",false,array('msg'=>array("info",$info['msg'])));
    }else{
        $data = array(
            'name'=>Filter::str(Req::args('name')),
            'real_name'=>Filter::str(Req::args('real_name')),
            'sex'=>Filter::int(Req::args('sex')),
            'birthday'=>Req::args('birthday'),
            'mobile'=>Req::args('mobile'),
            'phone'=>Req::args('phone'),
            'province'=>Req::args('province'),
            'city'=>Req::args('city'),
            'county'=>Req::args('county'),
            'addr'=>Filter::text(Req::args('addr')) // The parameters above are not filtered and are assigned directly, but Validator::check($rules) does validate some of them; look at addr: it is filtered with Filter::text, so let's follow that function
        );
    }
    $name = Filter::sql(Req::args("name"));
    $id = $this->user['id'];
    ...
```
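For contrast, here is a hardened way to handle the same profile fields. This is an added example, not TinyShop's code: it assumes a PDO connection and a `user` table with these column names (the page's excerpt stops before the query that consumes `$data`), and the phone formats are assumed.

```php
<?php
// Added example, not TinyShop's code. Every field is checked against a strict
// shape, then written with a prepared statement so user input is never part of
// the SQL string. The `user` table and its columns are assumptions.

function validate_profile(array $in): array
{
    $out = [];
    $errors = [];

    foreach (['name', 'real_name'] as $k) {
        $v = trim((string)($in[$k] ?? ''));
        if ($v === '' || mb_strlen($v) > 50) { $errors[] = "$k is required (max 50 chars)"; }
        else { $out[$k] = $v; }
    }
    // sex and the region fields are numeric ids: anything that is not an integer is rejected
    foreach (['sex', 'province', 'city', 'county'] as $k) {
        $v = filter_var($in[$k] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
        if ($v === false) { $errors[] = "$k must be a non-negative integer"; } else { $out[$k] = $v; }
    }
    // birthday must be a real calendar date, not merely date-like text
    $bd = (string)($in['birthday'] ?? '');
    $d = DateTime::createFromFormat('Y-m-d', $bd);
    if ($d === false || $d->format('Y-m-d') !== $bd) { $errors[] = 'birthday must be YYYY-MM-DD'; }
    else { $out['birthday'] = $bd; }
    // phone numbers: digits only (assumed formats; adjust to local numbering rules)
    foreach (['mobile' => '/^\d{11}$/', 'phone' => '/^[\d+\-]{6,20}$/'] as $k => $re) {
        $v = (string)($in[$k] ?? '');
        if (!preg_match($re, $v)) { $errors[] = "$k has an invalid format"; } else { $out[$k] = $v; }
    }
    // free text is length-limited and stripped of markup; SQL safety comes from binding below
    $out['addr'] = mb_substr(strip_tags((string)($in['addr'] ?? '')), 0, 200);

    return [$out, $errors];
}

function save_profile(PDO $pdo, int $userId, array $data): bool
{
    // The column list is fixed in code; user data only travels as bound values.
    $sql = 'UPDATE user SET name = :name, real_name = :real_name, sex = :sex,'
         . ' birthday = :birthday, mobile = :mobile, phone = :phone,'
         . ' province = :province, city = :city, county = :county, addr = :addr'
         . ' WHERE id = :id';
    $stmt = $pdo->prepare($sql);
    $params = ['id' => $userId];
    foreach (['name','real_name','sex','birthday','mobile','phone','province','city','county','addr'] as $k) {
        $params[$k] = $data[$k];
    }
    return $stmt->execute($params);
}
```

Call `save_profile()` only when `validate_profile()` returns an empty error list; otherwise return the errors to the form, as the original handler does with `redirect("info", ...)`.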

No Exp or PoC available yet
Currently 0 affected product records