TinyShop Sql Injection 1(无视GPC)

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### 简要描述: TinyShop Sql Injection 1(无视GPC) ### 详细说明: 后台登陆界面存在检查功能,不安全取值导致的SQL注入。 ``` /controller/controller_class.php public function check() { $this->safebox = Safebox::getInstance(); $this->title='后台登录'; $code = $this->safebox->get($this->captchaKey); if($code != strtolower(Req::args($this->captchaKey))) { $this->msg='验证码错误!'; $this->layout = ""; $this->redirect('login',false); } else { $manager = new Manager(Req::args('name'),Req::args('password')); $this->msg='验证码错误!'; if($manager->getStatus() == 'online') { $back = Req::args('callback'); $model = new Model("manager"); $model->data(array('last_ip'=>Chips::getIP(),'last_login'=>date("Y-m-d H:i:s")))->where("id=".$manager->id)->update(); //这里有一个getIP函数,跟入。 if($back === null) $back = $this->defaultAction; $this->redirect($back,true); } else { $this->msg='用户名或者密码错误'; $this->layout = ""; $this->redirect('login',false); } } } ``` getip函数跟进。 /framework/lib/util/chips_class.php public static function getIP() { if...

0%
暂无可用Exp或PoC
当前有0条受影响产品信息