phpyun recruitment CMS injection vulnerability - vulnerability warning - the black bar safety net

2013-12-09T00:00:00
ID MYHACK58:62201341393
Type myhack58
Reporter Anonymous
Modified 2013-12-09T00:00:00

Description

require_once("alipay_config.php");
require_once("class/alipay_service.php");
require_once(dirname(dirname(dirname(__FILE__)))."/data/db.config.php");
require_once(dirname(dirname(dirname(__FILE__)))."/include/mysql.class.php");
$db = new mysql($db_config['dbhost'], $db_config['dbuser'], $db_config['dbpass'], $db_config['dbname'], ALL_PS, $db_config['charset']);
$sql=$db->query("select * from ".$db_config["def"]."company_order where order_id='$_POST[dingdan]'");
//echo "select * from ".$db_config["def"]."company_order where order_id='$_POST[dingdan]'";//injection point
$row=mysql_fetch_array($sql);
//exit();
/* the following parameters are required by the order; they are taken from the incoming order data */
//mandatory parameters
$out_trade_no = $_POST['dingdan']; //must match the unique order number in your website's order system
$subject = $_POST['dingdan']; //order name, displayed as "Product name" in the Alipay checkout and in the "Product name" list in Alipay transaction management
$body = $row['order_remark']; //order description, order details, order notes, displayed as "Description of goods" in the Alipay checkout
$total_fee = $row['order_price']; //total order amount, displayed as "Total amount payable" in the Alipay checkout

Test method

http://127.0.0.1/yun/api/alipay/alipayto.php
POST dingdan=1 1 1
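A hardened form of the order lookup above, as an added example that is not phpyun's own code: the order number is validated against an allow-list and then bound as a parameter instead of being concatenated into the SQL. The function name `find_order`, the `phpyun_` prefix, the order-number format, and the in-memory SQLite table with its sample row are assumptions constructed for the demonstration; table and column names follow the code on this page.

```php
<?php
// Added example, not part of the original advisory or of phpyun.
declare(strict_types=1);

/**
 * Look up one order by its number. Returns the row, or null when the
 * input is malformed or no such order exists.
 */
function find_order(PDO $pdo, string $prefix, $orderId): ?array
{
    // $_POST values can be arrays (dingdan[]=...), so check the type first.
    // Assumed order-number format: 1-32 letters, digits, '-' or '_'.
    if (!is_string($orderId) || !preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $orderId)) {
        return null;
    }
    // The table prefix ($db_config["def"] on this page) comes from server-side
    // config, but identifiers cannot be bound, so it is checked as well.
    if (!preg_match('/\A[A-Za-z0-9_]*\z/', $prefix)) {
        throw new InvalidArgumentException('invalid table prefix');
    }
    // The value travels as a bound parameter and never becomes SQL text.
    $stmt = $pdo->prepare(
        "SELECT order_id, order_remark, order_price
           FROM {$prefix}company_order
          WHERE order_id = :id"
    );
    $stmt->execute([':id' => $orderId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec("CREATE TABLE phpyun_company_order (
    order_id TEXT PRIMARY KEY, order_remark TEXT, order_price REAL)");
$pdo->exec("INSERT INTO phpyun_company_order
    VALUES ('20131209001', 'constructed sample order', 99.0)");

// Constructed inputs: a valid number, a value containing a quote,
// an array-typed parameter, and an empty string.
$inputs = ['20131209001', "20131209001'", ['20131209001'], ''];
foreach ($inputs as $in) {
    $row = find_order($pdo, 'phpyun_', $in);
    printf("%-18s => %s\n", json_encode($in), $row ? $row['order_remark'] : 'rejected / not found');
}
```

Only the first input returns a row; the others are rejected before any query runs, and the bound parameter remains the second layer if the format check is ever loosened.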