PHPCMS2008 BETA2 "tasteless" (low-value) 0day - vulnerability warning - the black bar safety net

2008-12-10T00:00:00
ID MYHACK58:62200821423
Type myhack58
Reporter Anonymous
Modified 2008-12-10T00:00:00

Description

data\cache_model\member_search.class.php

The username GET parameter goes directly into the SQL statement.

It is "tasteless" (of little practical value) because the hole only applies when the administrator has set 'registered members' to have the 'search' function.

if($this->modelid)
{
    if($where) $where = "AND $where";
    if($this->modelid == 10 && $_GET['username'])
    {
        // The request value is taken as-is and concatenated into the LIKE clause.
        $username = $_GET['username'];
        $where .= "AND username LIKE '%$username%'";
    }
    $sql = "SELECT * FROM $this->table WHERE a.userid=b.userid $where ORDER BY $orderby";
}
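A hardened form of the member search shown above, as an added example that is not PHPCMS code: the search term is bound as a parameter with its LIKE wildcards escaped, and the sort column goes through an allow-list. The function name `search_members`, the tables `member` and `member_info`, their columns and the sample rows are all constructed for the demonstration, which runs against an in-memory SQLite database through PDO.

```php
<?php
declare(strict_types=1);

// Hypothetical replacement for the search; table and column names are assumed.
function search_members(PDO $db, int $modelid, ?string $username, string $orderby): array
{
    // ORDER BY cannot be bound as a parameter, so map it through an allow-list.
    $orderColumns = ['userid' => 'a.userid', 'username' => 'a.username'];
    $order = $orderColumns[$orderby] ?? 'a.userid';

    $sql = 'SELECT a.userid, a.username FROM member a, member_info b'
         . ' WHERE a.userid = b.userid';
    $params = [];
    if ($modelid === 10 && $username !== null && $username !== '') {
        // Escape LIKE metacharacters so the input only matches literally,
        // then bind it; the value never becomes part of the SQL text.
        $literal = strtr($username, ['!' => '!!', '%' => '!%', '_' => '!_']);
        $sql .= " AND a.username LIKE :pattern ESCAPE '!'";
        $params[':pattern'] = '%' . $literal . '%';
    }
    $sql .= " ORDER BY $order";

    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE member (userid INTEGER PRIMARY KEY, username TEXT)');
$db->exec('CREATE TABLE member_info (userid INTEGER PRIMARY KEY, modelid INTEGER)');
$member = $db->prepare('INSERT INTO member (userid, username) VALUES (?, ?)');
$info = $db->prepare('INSERT INTO member_info (userid, modelid) VALUES (?, 10)');
foreach ([[1, 'alice'], [2, "o'brien"], [3, '100%_real']] as $row) {
    $member->execute($row);
    $info->execute([$row[0]]);
}

// A quote or a wildcard in the search term is matched as data, not interpreted.
foreach (["o'br", '%', 'ali'] as $term) {
    $names = array_column(search_members($db, 10, $term, 'username'), 'username');
    printf("%-6s => %s\n", $term, implode(', ', $names));
}
```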