3 matches found
TinyRise: email spoofing can reset anyone's password, plus back-end SQL injection
Summary: TinyRise email spoofing can reset anyone's password, plus back-end SQL injection. Details: simple.php: public function forgetact(){ $email = Filter::sql(Req::args('email')); $model = $this->model->table('user'); $obj = $model->where("email = '".$email."'")->find(); if(!empty($obj)){ $model = $this->model->table('resetpassword'); $obj = $model->where("email =...
TinyRise latest version: front-end arbitrary file inclusion vulnerability
Summary: TinyRise latest version (20140926) arbitrary file inclusion vulnerability; under certain conditions it can lead to getshell. Details: The vulnerability is in the renderExecute function of framework/web/controller/Controllerclass.php. renderExecute has an extract() variable-overwrite problem; the key code is as follows: public function renderExecute($runfile0123456789,$data0123456789){ ...//irrelevant code omitted if($datas0123456789!==null) extract($datas0123456789);...
TinyRise latest version: SQL injection
Summary: TinyRise latest version SQL injection. Details: simple.php: $ordertype = 2; } else if($type=="bundbuy"){ //bundle-sale handling $productids = implode(',', $productid); $num = Filter::int($buynum[0]); $model = new Model("bundling"); $bund = $model->where("id=$id")->find(); if($bund){ $goodsid = $bund['goodsid']; $products = $model->table("goods as...