Lying in bed reading the phpcms code: SQL injection vulnerability

2012-11-30T00:00:00
ID MYHACK58:62201235835
Type myhack58
Reporter Anonymous
Modified 2012-11-30T00:00:00

Description

Lying in bed reading the phpcms code [0x01]

In phpcms/modules/formguide/index.php, line 57:

    $formguide_input = new formguide_input($formid);
    $data = $formguide_input->get($_POST['info']);

This instantiates the formguide_input class and then calls its get function to process the info value passed in via $_POST. Let's take a look at this get function:

    function get($data, $isimport = 0) {
        $this->data = $data;
        $info = array();
        foreach($this->fields as $field) {
            // ...... a few lines omitted (it won't hurt)
            $value = $data[$field['field']];
            // $value is taken from $data, and $data is $_POST['info']
            // ...... a few lines omitted (it won't hurt)
            if($maxlength && $length > $maxlength) {
                if($isimport) {
                    $value = str_cut($value, $maxlength, '');
                    // str_cut is used to truncate $value by bytes
                } else {
                    showmessage($name.' '.L('not_more_than').' '.$maxlength.L('characters'));
                }
