网站地图    收藏   

主页 > 后端 > 网站安全 >

phpyun某功能对参数处理不严可导致sql注入 - 网站

来源:自学PHP网    时间:2015-04-16 23:15 作者: 阅读:

[导读] phpyun 个人会员中心member model index class php$_COOKIE[usertype];参数存在注入,从下面代码中可以看到$data[usertype] 直接读取COOKIE的值,带入到sql中,sql未对值进行过滤处理function msg_...

phpyun 个人会员中心
 
 
 
member/model/index.class.php 
 
 
 
$_COOKIE["usertype"];参数存在注入,
 
 
 
从下面代码中可以看到$data["usertype"] 直接读取COOKIE的值,带入到sql中,
 
sql未对值进行过滤处理
 
 
 
function msg_action(){

if($_GET["del"]){

$nid=$this->obj->DB_delete_all("userid_msg","`id`='".$_GET["del"]."' and `uid`='".$this->uid."'");

isset($nid)?$this->obj->ACT_msg("index.php?C=msg","删除成功"):$this->obj->ACT_msg("index.php?C=msg","删除失败");

}

$this->public_action();

$urlarr=array("C"=>"msg","page"=>"{{page}}");

$pageurl=$this->url("index","index",$urlarr);

$this->get_page("userid_msg","`uid`='".$this->uid."' and type!='1' order by id desc",$pageurl,"20");

if($_GET["c_uid"]){

$data["c_uid"]=$_GET["c_uid"];

$data["inputtime"]=mktime();

$data["p_uid"]=$_COOKIE["uid"];

$data["usertype"]=$_COOKIE["usertype"];

$data["com_name"]=$_GET["c_name"];

$haves=$this->obj->DB_select_once("blacklist","`p_uid`=".$data["p_uid"]." and `c_uid`=".$data["c_uid"]."  and `usertype`=".$data["usertype"]."");

if(is_array($haves)){

$this->obj->ACT_msg($_SERVER['HTTP_REFERER'],"该用户已在您黑名单中");

}else{

$nid=$this->obj->insert_into("blacklist",$data);

$this->obj->DB_delete_all("userid_msg","`uid`=".$data["p_uid"]." and `fid`=".$data["c_uid"].""," ");

$nid?$this->obj->ACT_msg($_SERVER['HTTP_REFERER'],"操作成功"):$this->obj->ACT_msg($_SERVER['HTTP_REFERER'],"操作失败");

}

}




function DB_select_once($tablename, $where = 1, $select = "*") {

$cachename=$tablename.$where;

if(!$return=$this->Memcache_set($cachename)){

$SQL = "SELECT ".$select." FROM " . $this->def . $tablename . " WHERE ".$where." limit 1";

            echo $SQL;

$query = $this->db->query($SQL);

$return=$this->db->fetch_array($query);

$this->Memcache_set($cachename,$return);

}



return $return;

}

 

自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

京ICP备14009008号-1@版权所有www.zixuephp.com

网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

添加评论