2 matches found
Discuz!4.x wap\index.php 变量覆盖漏洞
Discuz!4.x一直存在着一个变量覆盖漏洞n年了.代码如下: $chs = ''; if$POST && $charset != 'utf-8' $chs = new Chinese'UTF-8', $charset; foreach$POST as $key = $value $$key = $chs-Convert$value; //foreach处理$POST导致变量覆盖 unset$chs;...
Discuz! 4.x - SQL Injection / Admin Credentials Disclosure
126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result; $proxyregex = '\b\d1,3.\d1,3.\d1,3.\d1,3:\d1,5\b'; function...