帝国ECMS V5 /e/member/list/index.php注入漏洞

帝国ECMS /e/member/list/index.php文件: if$sear $keyboard=RepPostVar2$GET'keyboard'; if$keyboard $add.=$where.$userusername." like '%$keyboard%'"; $search.="&sear=1&keyboard=$keyboard"; 判断sear参数是否存在,然后直接去keyboard的参数,然后再判断keyboard值是否为空,如果不为 空就直接把keyboard带入查询产生注射漏洞. 帝国ECMS V5 暂无...

Empire ECMS 0Day V5. 0 injection vulnerability analysis-vulnerability warning-the black bar safety net

Empire ECMS /e/member/list/index. php file: if$sear $keyboard=RepPostVar2$GET'keyboard'; if$keyboard $add.=$ where.$ userusername." like '%$keyboard%'"; $search.="& amp;sear=1&keyboard=$keyboard"; Judge sear whether the parameters exist,then go directly to the keyboard of the parameters,and then...