php168 v5.0: another injection vulnerability - vulnerability warning - the black bar safety net

2009-09-06T00:00:00
ID MYHACK58:62200924556
Type myhack58
Reporter 佚名
Modified 2009-09-06T00:00:00

Description

by:xhming

member/list.php

// Excerpt from member/list.php as quoted by the advisory: the batch-action branch taken when $step is 2.
// The if($step==2) block opened here is not closed within the excerpt.
if($step==2) {
    // The only check on $aidDB shown here is for emptiness; nothing in this excerpt
    // verifies that its elements are integers.
    // NOTE(review): where $aidDB and $Type are populated is not shown — presumably from the request; confirm.
    if(!$ aidDB) //-----------------------------------------
    {
        showerr("ÇëÖÁÉÙÑ¡ÔñÒ"ƪÎÄÕÂ");
    }
    elseif(!$ Type)
    {
        showerr("ÇëÑ¡Ôñ2Ù×÷Ä¿±ê,ÊÇɾ3ý"1ÊÇÉóºËµÈ...");
    }

    if($Type=='yz'){
        if($T_yz<1){
            // NOTE(review): '==' is a comparison, so this statement has no effect; an assignment
            // like the 'uncom'/'com' branches below looks intended — confirm against the original file.
            $Type=='unyz';
        }
    }elseif($Type=='leavels'){
        if($levels<1){
            $Type='uncom';
        }
        else{
            $levels=1;
            $Type='com';
        }
    }
    if($Type=='delete'){
        // $aidDB is handed to make_more_article_html() unchanged; no cast or escaping happens before the call.
        make_more_article_html("$FROMURL","del_0",$aidDB);
    }

/**
 * Excerpt of make_more_article_html() as quoted by the advisory.
 *
 * Builds a comma-separated list from $aidDB and selects the matching article rows
 * joined with their sort rows. The body of the while loop and the end of the
 * function are not shown in this excerpt.
 *
 * NOTE(review): the parameter defaults and the empty-string comparison below appear
 * with mangled quotes in this copy (probably '' originally) — confirm against the original file.
 */
function make_more_article_html($comebackurl='/',$type=",$aidDB="){
    global $db,$pre,$webdb,$webdb; // $webdb is listed twice
    // Returns without querying unless NewsMakeHtml equals 1 and $aidDB is non-empty,
    // so the query below is only reached when both conditions hold.
    if($webdb[NewsMakeHtml]!= 1||$aidDB==")
    {
        return ;
    }
    // Injection point: the elements of $aidDB are joined as-is and interpolated into
    // IN (...) below, with no integer cast or escaping anywhere in this excerpt.
    // Mitigation: force every element to an integer before joining
    // (e.g. array_map('intval', $aidDB)) so only numeric ids can reach the SQL text.
    $string=implode(",",$aidDB);
    $query = $db->query("SELECT A.*,B. bencandy_html,B. list_html FROM {$pre}article A LEFT JOIN {$pre}sort B ON A. fid=B. fid WHERE A. aid IN ($string)");
    while($rs = $db->fetch_array($query)){

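$aidDB is not filtered before it is used in the query: when $Type is 'delete', member/list.php passes it unchanged to make_more_article_html(), which joins its elements with implode() and places the result directly inside the IN (...) clause. The query is only reached when NewsMakeHtml is set to 1. Casting every element of $aidDB to an integer before the query is built removes the injection.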

!