SQL injection vulnerability at a certain point in phpshe

Published: 2025-04-13
Revised: 2025-04-13

### Brief description:

phpshe injection vulnerability

### Details:

```php
// /module/index/product.php
case 'list':
    $category_id = intval($id);
    $info = $db->pe_select('category', array('category_id'=>$category_id));
    // Search
    $sqlwhere = " and `product_state` = 1";
    pe_lead('hook/category.hook.php');
    if ($category_id) {
        $sqlwhere .= is_array($category_cidarr = category_cidarr($category_id)) ? " and `category_id` in('".implode("','", $category_cidarr)."')" : " and `category_id` = '{$category_id}'";
    }
    $_g_keyword && $sqlwhere .= " and `product_name` like '%{$_g_keyword}%'";
    if ($_g_orderby) {
        $orderby = explode('_', $_g_orderby);
        // The GET parameter is split on "_" and then placed into the query
        $sqlwhere .= " order by `product_{$orderby[0]}` {$orderby[1]}";
    }
    else {
        $sqlwhere .= " order by `product_id` desc";
    }
    $info_list = $db->pe_selectall('product', $sqlwhere, '*', array(16, $_g_page));
    // Best-seller ranking
```

### Proof of vulnerability:

Test method:

http://127.0.0.1/phpshe/index.php?mod=product&act=list&orderby=a%27_b
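
A hardened form of the `orderby` handling shown above, as an added example that is not phpshe's own code or an official patch. The function name `build_order_by` and the allowlist mapping are assumptions made for illustration; only `product_id` and `product_name` are column names taken from the advisory.

```php
<?php
// Added example: allowlist-based ORDER BY builder (not phpshe code).
// Identifiers cannot be bound as prepared-statement parameters, so each
// request-supplied piece is mapped onto a fixed set of literals instead.

/**
 * Build the ORDER BY clause from the raw `orderby` GET value ("<field>_<dir>").
 * $allowed maps the public field token to the real column name.
 */
function build_order_by($raw, array $allowed, $default = '`product_id` desc')
{
    // Arrays (orderby[]=x) and empty values never reach the SQL string.
    if (!is_string($raw) || $raw === '') {
        return " order by {$default}";
    }
    $parts = explode('_', $raw, 2);
    $field = $parts[0];
    $dir = isset($parts[1]) ? strtolower($parts[1]) : 'desc';

    // Strict comparisons: an unknown field or direction falls back to the default.
    if (!array_key_exists($field, $allowed) || !in_array($dir, array('asc', 'desc'), true)) {
        return " order by {$default}";
    }
    // Both values now come from literals in this file, not from the request.
    return " order by `{$allowed[$field]}` {$dir}";
}

// Assumed sortable fields (hypothetical mapping).
$allowed = array('id' => 'product_id', 'name' => 'product_name');

// Constructed sample inputs, including the advisory's test value "a'_b".
$samples = array('name_asc', 'id_desc', "a'_b", 'id_desc,(select 1)', 'name', array('x'));
foreach ($samples as $s) {
    echo var_export($s, true), ' => ', build_order_by($s, $allowed), PHP_EOL;
}
```

The same pass should also cover `$_g_keyword`, which the listed code interpolates into the `like` clause without any visible escaping.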
