Destoon Sql注入漏洞之3

简要描述： 过滤不严。 详细说明： 在api/js.php中 if$SERVER'QUERYSTRING' $exprise = isset$GET'tagexpires' ? intval$GET'tagexpires' : 0; $moduleid = isset$GET'moduleid' ? intval$GET'moduleid' : 0; $moduleid 3 or exit'document.write"Bad Parameter";'; $tag = $SERVER'QUERYSTRING'; $SERVER'QUERYSTRING' =...

destoon full version SQL injection vulnerability-vulnerability warning-the black bar safety net

在 include/global.func.php in stripsql function to pass the incoming value for the filter, but we can bypass this limit, to achieve the full version of the injected function stripsql$string $search =...