2014-12-25: 细节已通知厂商并且等待厂商处理中 2014-12-30: 厂商主动忽略漏洞,细节向第三方安全合作伙伴开放 2015-02-23: 细节向核心白帽子及相关领域专家公开 2015-03-05: 细节向普通白帽子公开 2015-03-15: 细节向实习白帽子公开 2015-04-02: 细节向公众公开
两头牛在一起吃草,青牛问黑牛:“喂!你的草是什么味道?”黑牛道:“草莓味!”青牛靠过来吃了一口,愤怒地喊到:“你骗我!”黑牛轻蔑地看他一眼,回道:“笨蛋,我说草没味。”
#1 source\message.php
function add(){ if($GLOBALS['G_DY']['vercode']==1){ if(!$this->syArgs("vercode",1)||md5(strtolower($this->syArgs("vercode",1)))!=$_SESSION['doyo_verify'])message("验证码错误"); } if(!$this->syArgs('tid'))message("请选择栏目"); $tid=$this->syArgs('tid'); $this->type=syDB('classtype')->find(array('tid'=>$tid),null,'molds,classname,msubmit'); if($this->type['msubmit']!=1){ $this->member->p_r($this->type['msubmit']); } $isshow = ($this->my['group']['audit']==1) ? 1 : 0; $user = ($this->my['id']!=0) ? $this->my['user'] : '游客'; $fmolds = ($this->syArgs('fmolds',1)!='') ? $this->syArgs('fmolds',1) : ''; $title = ($this->syArgs('title',1)!='') ? $this->syArgs('title',1) : $this->type['classname']; $body = ($this->syArgs('body',1)!='') ? $this->syArgs('body',1) : ''; $row1 = array('tid' => $tid,'fmolds' => $fmolds,'faid' => $this->syArgs('faid'),'title' => $title,'addtime' => time(),'orders' => 0,'isshow' => $isshow,'user' => $user,'body' => $body,'reply'=>''); $row2=$this->fields_args('message',$tid); $add = syClass('c_message');$newv=$add->syVerifier($row1); if(false == $newv){ $a=$add->create($row1);$row2=array_merge($row2,array('aid' => $a)); syDB('message_field')->create($row2); if($this->my['id']!=0){ syDB('member_file')->update(array('hand'=>$this->syArgs('hand'),'uid'=>$this->my['id']),array('hand'=>0,'aid'=>$a,'molds' => 'message')); }else{ syDB('member_file')->update(array('hand'=>$this->syArgs('hand'),'ip'=>GetIP()),array('hand'=>0,'aid'=>$a,'molds' => 'message')); } message('发布成功',$GLOBALS["WWW"]); }else{message_err($newv);} }
message 是可以控制的
正常情况是这样
这里已经报错了
注入成功:
过滤!!
危害等级:无影响厂商忽略
忽略时间:2015-04-02 10:23
暂无