TCCMS SQL Injection Vulnerability 3 (blind injection, limited impact)

Published: 2025-04-13
Revised: 2025-04-13

### Brief description:

TCCMS SQL injection vulnerability 3 (blind injection)

### Detailed description:

When deleting an article, in app/controller/news.class.php:

```
public function delete() {
    $_Obj = M($this->objName);
    $newsObj = M("content");
    $msgObj = new Msg();
    $id = $_GET['id'];
    $idAry = $_POST['id']; // injection point
    $idStr = count($idAry) == 0 ? intval($id) : implode(",", $idAry);
    $newIdAry = explode(",", $idStr);
    $idSize = count($newIdAry);
    if (empty($newIdAry[0]) && empty($id)) {
        $msgObj->addMsg('error', Config::lang("PLEASECHOOSEDELETEDATA"));
    }
    for ($i = 0; $i < $idSize; $i++) {
        $news = get("news",$newIdAry[$i]);
        if (Authen::checkIsSelfData($news->uid)) {
            $newsObj->deleteById($newIdAry[$i]);
            $_Obj->deleteById($newIdAry[$i]);
        } else {
            $msgObj->addMsg('error', Config::lang("CANBEDELNOTSELFNEWS"));
        }
    }
    if (!$msgObj->hasMsg) {
        $newsObj->delete();
        $_Obj->delete();
    }
    header('Location: index.php?ac=news_all&type=user&page='.$_GET["page"]);
    exit;
}
```

Follow the call into deleteById, in system/core/model.class.php:

```
public function deleteById($id) {
    $this->db->Delete($this->table, $this->PRI,...
```
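A hardened form of the id handling, as an added example that is not TCCMS code: in `delete()` above only the GET `id` passes through `intval()`, while the elements of `$_POST['id']` are joined and handed on unchanged. The helper names `normalizeIds` and `deleteByIds`, the PDO/SQLite backend and the `news(id, title)` table are assumptions made for illustration; the ownership check from the original controller is left out.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: POST id array wins, otherwise the GET id (as in delete() above).
function normalizeIds($getId, $postIds): array
{
    $raw = (is_array($postIds) && count($postIds) > 0) ? $postIds : [$getId];
    $ids = [];
    foreach ($raw as $value) {
        // Nested arrays, null and non-digit strings are rejected, not coerced.
        if (!is_string($value) && !is_int($value)) {
            throw new InvalidArgumentException('id must be an integer');
        }
        $s = (string)$value;
        if (!ctype_digit($s) || (int)$s < 1) {
            throw new InvalidArgumentException('id must be a positive integer');
        }
        $ids[] = (int)$s;
    }
    return array_values(array_unique($ids));
}

// Hypothetical helper: table and column names are fixed here, ids are bound as integers.
function deleteByIds(PDO $db, array $ids): int
{
    if ($ids === []) {
        return 0;
    }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("DELETE FROM news WHERE id IN ($marks)");
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO news (id, title) VALUES (1, 'a'), (2, 'b'), (3, 'c')");

echo deleteByIds($db, normalizeIds(null, ['1', '3'])), " rows deleted\n";
try {
    normalizeIds(null, ['2', '2abc']); // constructed non-numeric value
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Rejecting the whole request on the first malformed element, instead of silently casting it, also leaves a clear signal in application logs when the parameter is being probed.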

No Exp or PoC is currently available.
There are currently 0 affected-product records.