On the know Chong Yu intercepted the soil 0day-vulnerability warning-the black bar safety net

2012-12-27T00:00:00
ID MYHACK58:62201236408
Type myhack58
Reporter 佚名
Modified 2012-12-27T00:00:00

Description

The day before yesterday in the microblogging see on the know Chong Yu sent most soil buy the 0day, the day before yesterday evening under a source code see, because just for microblogging on the screenshot to see, should the analysis is not comprehensive.

Look at the page:./ include/library/DB.class.php that code is as follows:

---------------code-----------------

static public function GetDbRowById($table, $ids=array()) {

$one = is_array($ids) ? false : true;

settype($ids, 'array');

//var_dump($ids);

$idstring = join('\',\", $ids);

if(preg_match('/[\s]/', $idstring)) return array();//no spaces, use/**/instead of

$q = "SELECT * FROM {$table} WHERE id IN ('{$idstring}')";

//var_dump($q);

$r = self::GetQueryResult($q, $one);//no filter, directly to the query.

if ($one) return $r;

return Utility::AssColumn($r, 'id');

}

------------------code---------------

Then the search function GetDbRowById (), found only in files:./ include/library/Table. class. in php there is call, the code is as follows:

--------------------code0--------------

static private function _Fetch($n=null, $ids=array()) {

[1] [2] [3] [4] next