3 matches found
Zuitu (最土团购) /ajax/coupon.php SQL injection vulnerability
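Zuitu (最土团购): incomplete filtering in a base function leads to injection. Code in ajax/coupon.php: ...... $cid = strval($_GET['id']); // line 5 ...... $coupon = Table::FetchForce('coupon', $cid); // line 44 The id parameter is not filtered and is passed directly into FetchForce. Now look at what FetchForce is: include/library/table.class.php, line 172: static public function FetchForce($n=null, $ids=array()) { if ( empty($ids) || !$ids ) return...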
SQL injection
SQL injection vulnerability in ajax/coupon.php in Zuitu 1.6, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a consume action...
CVE-2010-4854
SQL injection vulnerability in ajax/coupon.php in Zuitu 1.6, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a consume action...