DATABASE RESOURCES PRICING ABOUT US

{"sourceData": "", "status": "details", "description": "### \u7b80\u8981\u63cf\u8ff0\uff1a\n\nSql Injection\n\n### \u8be6\u7ec6\u8bf4\u660e\uff1a\n\n\u6ce8\u5165\u5728XDCMS\u4f01\u4e1a\u7ba1\u7406\u7cfb\u7edf\u540e\u53f0\u7684\u677f\u5757\u7f16\u8f91\u5904\uff0c\\system\\modules\\xdcms\\language.php\u6587\u4ef6\uff1a\n\u7ba1\u7406\u5458\u5728\u7f16\u8f91\u677f\u5757\u7684\u65f6\u5019\u4f1a\u8c03\u7528editsave()\u51fd\u6570\uff0c\u4e03\u6ce8\u5165\u70b9\u5c31\u51fa\u73b0\u5728\u8be5\u51fd\u6570\u91cc\uff1a\n\n\n```\npublic function editsave(){\n\t\t$id=isset($_POST['id'])?intval($_POST['id']):0;\n\t\t$title=safe_html($_POST['title']);//title\u4e2dsafe_html\u7684\u89c4\u5219\u53ef\u88ab\u5927\u5199\u5b57\u6bcd\u7ed5\u8fc7\n\t\t$sitename=safe_html($_POST['sitename']);//\u540c\u4e0a\n\t\t$dir=safe_html($_POST['dir']);//\u540c\u4e0a\n\t\t$seo_title=safe_html($_POST['seo_title']);//\u540c\u4e0a\n\t\t$seo_key=safe_html($_POST['seo_key']);//\u540c\u4e0a\n\t\t$seo_des=safe_html($_POST['seo_des']);//\u540c\u4e0a\n\t\t$copyright=$_POST['copyright'];//\u540c\u4e0a\n\t\tif(empty($title)||empty($id)){\n\t\t\tshowmsg(C('material_not_complete'),'-1');\n\t\t}\n\t\t$this->mysql->db_update('language',\"`title`='\".$title.\"',`sitename`='\".$sitename.\"',`dir`='\".$dir.\"',`seo_title`='\".$seo_title.\"',`seo_key`='\".$seo_key.\"',`seo_des`='\".$seo_des.\"',`copyright`='\".$copyright.\"'\",'`id`='.$id);\n\t\t$this->language_cache();\n\t\tshowmsg(C('update_success'),'index.php?m=xdcms&c=language');\n\t}\n```\n\n \n\n### \u6f0f\u6d1e\u8bc1\u660e\uff1a\n\n1.\u4ee5title\u4e3a\u4f8b\uff0c\u70b9\u51fb\u7f16\u8f91\uff1a\n\n\n[<img src=\"https://images.seebug.org/upload/201402/1813232063b84188c05997c7f243b6abb8db888d.jpg\" alt=\"xbb.jpg\" width=\"600\" onerror=\"javascript:errimg(this);\">](https://images.seebug.org/upload/201402/1813232063b84188c05997c7f243b6abb8db888d.jpg)\n\n\n2.\u53d1\u5e03\u540e\u6293\u5305\u6dfb\u52a0exp\uff1a\n\n\n[<img src=\"https://images.seebug.org/upload/201402/1813235079c08e1f660d3f3d34074c18f8790166.jpg\" alt=\"xbb1.jpg\" width=\"600\" onerror=\"javascript:errimg(this);\">](https://images.seebug.org/upload/201402/1813235079c08e1f660d3f3d34074c18f8790166.jpg)\n\n\n3.\u6210\u529f\uff1a\n\n\n[<img src=\"https://images.seebug.org/upload/201402/181324140dfcf087b0f61f1f212f2cdf18392634.jpg\" alt=\"xbb3.jpg\" width=\"600\" onerror=\"javascript:errimg(this);\">](https://images.seebug.org/upload/201402/181324140dfcf087b0f61f1f212f2cdf18392634.jpg)", "sourceHref": "", "reporter": "Root", "href": "https://www.seebug.org/vuldb/ssvid-94949", "type": "seebug", "viewCount": 9, "references": [], "lastseen": "2017-11-19T18:23:09", "published": "2014-02-18T00:00:00", "cvelist": [], "id": "SSV:94949", "enchantments_done": [], "modified": "2014-02-18T00:00:00", "title": "XDcms Sql Injection 18-25", "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "exploit", "enchantments": {"score": {"value": 1.1, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 1.1}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645400650, "score": 1659785532, "epss": 1678851499}}

{}