SQL injection and local include vulnerability in the Easy Advertising Union System (ZYADS) - vulnerability warning - Heiba Security Net (黑吧安全网)

2009-10-21T00:00:00
ID MYHACK58:62200925086
Type myhack58
Reporter 佚名 (anonymous)
Modified 2009-10-21T00:00:00

Description

SQL injection and local include vulnerability in the Easy Advertising Union System (ZYADS)

In index/news.php, lines 1-31:

<?
include_once("top.php");

$newsid = intval($_GET['id']);
$to_type = addslashes($_GET['type']);

if ($to_type == 'index')    { $to_type_s = " and to_type=1"; }
if ($to_type == 'webuser')  { $to_type_s = " and to_type!=3"; }
if ($to_type == 'webadver') { $to_type_s = " and to_type!=2"; }

$newssql = "select * from zyads_news WHERE id=" . $newsid . " " . $to_type_s;

$newsre  = $db->query($newssql);
$newsrow = $db->fetch_array($newsre);
if (empty($newsrow)) {
    zyads_message('zyads_news');
}
?>

You can see that when $to_type is not set, or is not equal to index, webuser or webadver, $to_type_s is never defined before it is concatenated into the query.

At that point we can supply a $to_type_s variable in the request ourselves (possible because PHP's register_globals turns request parameters into undefined globals) and it lands directly in the SQL string. A simple injection, huh.
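A hardened rewrite of the query construction above, added here as an example and not part of the advisory or of ZYADS: the filter variable is always initialised, the type is mapped through a fixed table, and the id is bound as a parameter instead of being concatenated. $db is assumed to be a PDO connection; buildNewsQuery and fetchNews are names chosen for this example.

```php
<?php
// Hardened version of the index/news.php query (added example, not ZYADS code).
declare(strict_types=1);

// Fixed mapping from the request's type value to the SQL filter. Any other
// value maps to an empty filter, so $to_type_s is never left undefined and
// cannot be supplied from the request, whether register_globals is on or off.
const NEWS_TYPE_FILTERS = [
    'index'    => ' AND to_type = 1',
    'webuser'  => ' AND to_type != 3',
    'webadver' => ' AND to_type != 2',
];

function buildNewsQuery(array $get): array
{
    // id is cast to int as in the original, but it is also bound as a
    // parameter so the SQL text never contains request-controlled data.
    $newsid  = (int) ($get['id'] ?? 0);
    $to_type = (string) ($get['type'] ?? '');

    // Whitelist lookup; unknown or missing type gives an empty filter.
    $to_type_s = NEWS_TYPE_FILTERS[$to_type] ?? '';

    $sql = 'SELECT * FROM zyads_news WHERE id = :id' . $to_type_s;
    return [$sql, [':id' => $newsid]];
}

function fetchNews(PDO $db, array $get): ?array
{
    [$sql, $params] = buildNewsQuery($get);
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request: an extra to_type_s parameter, as the advisory describes,
// is simply ignored because the filter now comes only from the fixed table.
[$sql, $params] = buildNewsQuery([
    'id'        => '7',
    'type'      => 'webuser',
    'to_type_s' => 'attacker-supplied value (constructed)',
]);
// $sql is "SELECT * FROM zyads_news WHERE id = :id AND to_type != 3"
// $params is [':id' => 7]
```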

In /code/adview_cpa_html.php, lines 1-46:

<?php
/***
 Version : 5.1.0
 Author  : RM
 Comment : 071223
***/