dedecms两处注入
dedecms最新注入
6月份dede修补的漏洞是一个原理
plus/guestbook.inc.php
require(dirname(__FILE__).'/../../include/common.inc.php');
require_once(DEDEINC."/filter.inc.php");require_once(dirname(__FILE__).'/guestbook/guestbook.inc.php');
............
$query = "INSERT INTO `#@__guestbook`(title,tid,mid,uname,email,homepage,qq,face,msg,ip,dtime,ischeck)
VALUES ('$title','$tid','{$g_mid}','$uname','$email','$homepage','$qq','$img','$msg','$ip','$dtime','$needCheck'); ";plus/bookfeedback.php.
require_once(dirname(__FILE__)."/../include/common.inc.php");
require_once(DEDEINC."/filter.inc.php");
require_once(DEDEINC."/channelunit.func.php");
..............
//保存评论内容
if($comtype == 'comments')
{
$arctitle = addslashes($arcRow['arctitle']);
$arctitle = $arcRow['arctitle'];
if($msg!='')
{
$inquery = "INSERT INTO `#@__bookfeedback`(`aid`,`catid`,`username`,`arctitle`,`ip`,`ischeck`,`dtime`, `mid`,`bad`,`good`,`ftype`,`face`,`msg`)
VALUES ('$aid','$catid','$username','$bookname','$ip','$ischeck','$dtime', '{$cfg_ml->M_ID}','0','0','$feedbacktype','$face','$msg'); ";
$rs = $dsql->ExecuteNoneQuery($inquery);
if(!$rs)
{
echo $dsql->GetError();
exit();
}
}
}
//引用回复
elseif ($comtype == 'reply')
{
$row = $dsql->GetOne("Select * from `#@__bookfeedback` where id ='$fid'");
$arctitle = $row['arctitle'];
$aid =$row['aid'];
$msg = $quotemsg.$msg;
$msg = HtmlReplace($msg,2);
$inquery = "INSERT INTO `#@__bookfeedback`(`aid`,`typeid`,`username`,`arctitle`,`ip`,`ischeck`,`dtime`,`mid`,`bad`,`good`,`ftype`,`face`,`msg`)
VALUES ('$aid','$typeid','$username','$arctitle','$ip','$ischeck','$dtime','{$cfg_ml->M_ID}','0','0','$feedbacktype','$face','$msg')";
$dsql->ExecuteNoneQuery($inquery);
}关于作者
评论22次
- -楼主法眼 还有一处不知道你发现没 就在相近的地方
好东西、、、、