phpcms2008 & phpcms2007 GBK版ask/search_ajax.php SQL注射漏洞
PHPCMS 是国内领先的网站管理系统,同时也是一个开源的PHP开发框架 漏洞文件:ask/searchajax.php code: ?php require './include/common.inc.php'; requireonce MODROOT.'include/ask.class.php'; $ask = new ask; header'Content-type: text/html; charset=utf-8'; ifstrtolowerCHARSET != 'utf-8' $q = iconvCHARSET, 'utf-8', $q; if$q $where = "...