VULHUB ™

帝国ECMS /e/member/list/index.php文件: if($sear) { $keyboard=RepPostVar2($_GET['keyboard']); if($keyboard) { $add.=$where.$user_username." like '%$keyboard%'"; } $search.="&sear=1&keyboard=$keyboard"; } 判断sear参数是否存在,然后直接去keyboard的参数,然后再判断keyboard值是否为空,如果不为 空就直接把keyboard带入查询产生注射漏洞. 帝国ECMS V5 暂无

帝国ECMS /e/member/list/index.php文件: if($sear) { $keyboard=RepPostVar2($_GET['keyboard']); if($keyboard) { $add.=$where.$user_username." like '%$keyboard%'"; } $search.="&sear=1&keyboard=$keyboard"; } 判断sear参数是否存在,然后直接去keyboard的参数,然后再判断keyboard值是否为空,如果不为 空就直接把keyboard带入查询产生注射漏洞. 帝国ECMS V5 暂无