Search...

php168 v5. 0 another injection vulnerabilities-vulnerability warning-the black bar safety net

2009-09-06T00:00:00

ID MYHACK58:62200924556
Type myhack58
Reporter 佚名
Modified 2009-09-06T00:00:00

Description

by:xhming

member/list.php

if($step==2) { if(!$ aidDB) //----------------------------------------- { showerr("ÇëÖÁÉÙÑ¡ÔñÒ"ÆªÎÄÕÂ"); } elseif(!$ Type) { showerr("ÇëÑ¡Ôñ2Ù×÷Ä¿±ê,ÊÇÉ¾3ý"1ÊÇÉóºËµÈ..."); }

if($Type=='yz'){ if($T_yz<1){ $Type=='unyz'; } }elseif($Type=='leavels'){ if($levels<1){ $Type='uncom'; } else{ $levels=1; $Type='com'; } } if($Type=='delete'){ make_more_article_html("$FROMURL","del_0",$aidDB); }

function make_more_article_html($comebackurl='/',$type=",$aidDB="){ global $db,$pre,$webdb,$webdb; if($webdb[NewsMakeHtml]!= 1||$aidDB==") { return ; } $string=implode(",",$aidDB); $query = $db->query("SELECT A.*,B. bencandy_html,B. list_html FROM {$pre}article A LEFT JOIN {$pre}sort B ON A. fid=B. fid WHERE A. aid IN ($string)"); while($rs = $db->fetch_array($query)){

$aidDB no filtering on the query.

!

JSON Vulners Source

Initial Source

{"description": "by:xhming\n\nmember/list.php\n\nif($step==2) \n{ \nif(!$ aidDB) //----------------------------------------- \n{ \nshowerr(\"\u00c7\u00eb\u00d6\u00c1\u00c9\u00d9\u00d1\u00a1\u00d4\u00f1\u00d2\"\u00c6\u00aa\u00ce\u00c4\u00d5\u00c2\"); \n} \nelseif(!$ Type) \n{ \nshowerr(\"\u00c7\u00eb\u00d1\u00a1\u00d4\u00f12\u00d9\u00d7\u00f7\u00c4\u00bf\u00b1\u00ea,\u00ca\u00c7\u00c9\u00be3\u00fd\"1\u00ca\u00c7\u00c9\u00f3\u00ba\u00cb\u00b5\u00c8...\"); \n} \n\nif($Type=='yz'){ \nif($T_yz<1){ \n$Type=='unyz'; \n} \n}elseif($Type=='leavels'){ \nif($levels<1){ \n$Type='uncom'; \n} \nelse{ \n$levels=1; \n$Type='com'; \n} \n} \nif($Type=='delete'){ \nmake_more_article_html(\"$FROMURL\",\"del_0\",$aidDB); \n} \n\n\nfunction make_more_article_html($comebackurl='/',$type=\",$aidDB=\"){ \nglobal $db,$pre,$webdb,$webdb; \nif($webdb[NewsMakeHtml]!= 1||$aidDB==\") \n{ \nreturn ; \n} \n$string=implode(\",\",$aidDB); \n$query = $db->query(\"SELECT A.*,B. bencandy_html,B. list_html FROM {$pre}article A LEFT JOIN {$pre}sort B ON A. fid=B. fid WHERE A. aid IN ($string)\"); \nwhile($rs = $db->fetch_array($query)){ \n\n\n$aidDB no filtering on the query.\n\n\n\n\n! [](/Article/UploadPic/2009-9/20099623207402.jpg)\n", "id": "MYHACK58:62200924556", "edition": 1, "references": [], "reporter": "\u4f5a\u540d", "modified": "2009-09-06T00:00:00", "lastseen": "2016-11-02T19:49:12", "published": "2009-09-06T00:00:00", "viewCount": 0, "enchantments": {"score": {"value": 1.1, "vector": "NONE", "modified": "2016-11-02T19:49:12", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-02T19:49:12", "rev": 2}, "vulnersScore": 1.1}, "type": "myhack58", "title": "php168 v5. 0 another injection vulnerabilities-vulnerability warning-the black bar safety net", "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "info", "cvelist": [], "href": "http://www.myhack58.com/Article/html/3/62/2009/24556.htm", "immutableFields": []}