Php168 v2008 special.php sql注入漏洞

PHP168整站是PHP领域当前功能最强大的建站系统,代码全部开源,可极其方便的进行二次开发,所有功能模块可以自由安装与删除,个人用户完全免费使用。 在文件member/ special.php中： elseif$job=="showiframe" //第126行 $rsdb=$db-getone"SELECT FROM $prespecial WHERE uid='$lfjuid' AND id='$id'"; …… if$act=="del"&&$aid //第155行 $detail=explode",",$rsdbaids; foreach $detail AS...

Php168 v2008 list.php sql注入漏洞

PHP168整站是PHP领域当前功能最强大的建站系统,代码全部开源,可极其方便的进行二次开发,所有功能模块可以自由安装与删除,个人用户完全免费使用 在文件member/ list.php中： if!$aidDB //第127行 showerr"请至少选择一篇文章"; …… if$Type=='delete' //第49行 makemorearticlehtml"$FROMURL","del0",$aidDB; makemorearticlehtml函数在inc/articfunction.php文件中： function...

Portel v2008 (decide.php patron) Blind SQL Injection Vulnerability

No description provided by source. ------------------------------------------------------------------------------ Portel patron Blind SQL-injection Vulnerability ------------------------------------------------------------------------------ + Author : Chip D3 Bi0s + Email :...

Php168 v2008 elevation of privilege vulnerability-vulnerability warning-the black bar safety net

by Ryat http://www.wolvez.org 2009-01-25 A simple analysis of this vulnerability PHP code 1. common.inc.php 2. 3. if$SERVER'HTTPCLIENTIP' 4. $onlineip=$SERVER'HTTPCLIENTIP'; 5. elseif$SERVER'HTTPXFORWARDEDFOR' 6. $onlineip=$SERVER'HTTPXFORWARDEDFOR'; 7. else 8. $onlineip=$SERVER'REMOTEADDR'; 9. 1...

php168 v2008 default setting of the disaster-vulnerability warning-the black bar safety net

index.php Section 6 3 line start 1. elseif$webdbNewsMakeHtml==1 //if it is to generate static and... 2. 3. $content=obgetcontents; 4. obendclean; 5. obstart; //spare 6. $content=makehtml$content,'index'; 7. echo "$content"; 8. makehtml function code 1. function makehtml$content,$pagetype=" 2...