2 matches found
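PHPB2B website management system SQL injection vulnerability (bypasses the anti-injection filter)
Brief description: RT Details: Injection URL: /virtual-office/job.php Injection parameter: job Vulnerable code (starting at line 52): if !empty$POST'job' && $POST'save' $vals = $POST'job'; pbsubmitcheck'job'; // verifies the token submitted via POST; it can be obtained by requesting job.php directly with GET and searching the page source for formhash $nowjobamount = $job-findCountnull, "created".$todaystart." AND memberid=".$thememberid; if...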
TinyShop SQL injection #3 (allows unlimited account top-up)
Brief description: rt Details: We look at /protected/controllers/ucenter.php public function infosave $name = Filter::sqlReq::args"name"; $id = $this-user'id'; $this-model-table"user"-dataarray"name"=$name-where"id=$id"-update; $this-model-table"customer"-where"userid=$id"-update; $obj = $this-model-table"user as...