phpcms v9 2013-02-01 members of the center injection vulnerability analysis report-vulnerability warning-the black bar safety net

2013-02-02T00:00:00
ID MYHACK58:62201337118
Type myhack58
Reporter 佚名
Modified 2013-02-02T00:00:00

Description

Report name: phpcms v9 2013-02-01 members of the center injection vulnerability analysis report

Vulnerability author: skysheep

Analysis author: Seay

Blog: http://www.cnseay.com/

Vulnerability analysis:

The vulnerability exists in the phpcms\modules\member\index.php file account_manage_info function, and its function is to update the membership information.

|

public function account_manage_info() { if(isset($_POST['dosubmit'])) { //Update the user nickname $nickname = isset($_POST['nickname']) && trim($_POST['nickname']) ? trim($_POST['nickname']) : "; if($nickname) { $this->db->update(array('nickname'=>$nickname), array('userid'=>$this->memberinfo['userid'])); if(! isset($cookietime)) { $get_cookietime = param::get_cookie('cookietime'); } $_cookietime = $cookietime ? intval($cookietime) : ($get_cookietime ? $get_cookietime : 0); $cookietime = $_cookietime ? TIME + $_cookietime : 0; param::set_cookie('_nickname', $nickname, $cookietime); } require_once CACHE_MODEL_PATH.'member_input.class.php'; require_once CACHE_MODEL_PATH.'member_update.class.php'; $member_input = new member_input($this->memberinfo['modelid']); $modelinfo = $member_input->get($_POST['info']); $this->db->set_model($this->memberinfo['modelid']); $membermodelinfo = $this->db->get_one(array('userid'=>$this->memberinfo['userid'])); if(! empty($membermodelinfo)) { $this->db->update($modelinfo, array('userid'=>$this->memberinfo['userid'])); } else { $modelinfo['userid'] = $this->memberinfo['userid']; $this->db->insert($modelinfo); }


[1] [2] [3] [4] next