逐浪CMS注入漏洞两处

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### 简要描述: 无需登录,完美的注射点! ### 详细说明: ``` 0x1 App_Web_rckpp0om.dll User_file 类,Page_Load()事件就有问题 if ((base.Request["state"] != null) && (base.Request["state"] == "tr")) { string str4 = base.Request.QueryString["FD"]; this.FileUrl = this.FileJiema(str4); this.hid.Value = str4; this.file = this.bfile.SelectFile(string.Concat(new object[] { " FileName='", this.FileUrl, "' and userid=", this.ull.GetLogin().UserID }));//注入点 if (this.file.DownUrl == null) { base.Response.Write("0"); base.Response.End(); } 看一下bfile.SelectFile(string)函数,拼接SQL语句 public M_File SelectFile(string where) { if (where == "") { this.sql = "select * from ZL_File"; } else { this.sql = "select * from ZL_File where " + where; } M_File file = new M_File(); SqlDataReader reader = SqlHelper.ExecuteReader(CommandType.Text, this.sql); if (reader.Read()) { file.UserID = Convert.ToInt32(reader["UserID"]); file.State = Convert.ToInt32(reader["State"]); file.ExtractionCode = reader["ExtractionCode"].ToString(); file.DownUrl =...

0%
暂无可用Exp或PoC
当前有0条受影响产品信息