dedecms最新注入两处
本帖最后由 made 于 2012-11-15 16:09 编辑
dedecms最新注入
与6月份dede修补的漏洞是同一个原理。
plus/guestbook.inc.php
require(dirname(__FILE__).'/../../include/common.inc.php');require_once(DEDEINC."/filter.inc.php");
plus/guestbook.inc.php
require_once(dirname(__FILE__).'/guestbook/guestbook.inc.php');............
// Builds the guestbook INSERT by interpolating every field directly into the SQL text.
// NOTE(review): the code between the require above and this statement is elided, so this
// excerpt does not show where $title, $tid, $uname, $email, $homepage, $qq, $img, $msg or
// $needCheck are escaped or type-checked. Whatever escaping the framework applies on input,
// any later transformation of a value (truncation, decoding, reassignment) can undo it.
// Defensive fix: cast id-like fields to int (presumably $tid, $g_mid, $needCheck; confirm
// against the table schema) and escape or bind the string fields immediately before this line.
$query = "INSERT INTO `#@__guestbook`(title,tid,mid,uname,email,homepage,qq,face,msg,ip,dtime,ischeck) VALUES ('$title','$tid','{$g_mid}','$uname','$email','$homepage','$qq','$img','$msg','$ip','$dtime','$needCheck'); ";
下面 plus/bookfeedback.php 中的 $catid 变量以及 $typeid 变量未初始化，却被直接拼接进 INSERT 语句。修复时应在使用前显式初始化，并用 intval() 转成整数。
plus/bookfeedback.php.
require_once(dirname(__FILE__)."/../include/common.inc.php");require_once(DEDEINC."/filter.inc.php");require_once(DEDEINC."/channelunit.func.php");
..............
// Save the comment content.
if($comtype == 'comments')
{
    $arctitle = addslashes($arcRow['arctitle']);
    // NOTE(review): this line discards the escaped value assigned just above and restores the
    // raw database value. In this branch the INSERT stores $bookname in the `arctitle` column,
    // so $arctitle is not used again within the visible code.
    $arctitle = $arcRow['arctitle'];
    if($msg!='')
    {
        // NOTE(review): $catid is never assigned in the visible code (the post reports it as
        // uninitialized), yet it is interpolated into the statement. It should be set
        // explicitly and cast to int before use; the origin and escaping of $aid, $username,
        // $bookname, $face and $msg are not shown here and need the same check.
        $inquery = "INSERT INTO `#@__bookfeedback`(`aid`,`catid`,`username`,`arctitle`,`ip`,`ischeck`,`dtime`, `mid`,`bad`,`good`,`ftype`,`face`,`msg`) VALUES ('$aid','$catid','$username','$bookname','$ip','$ischeck','$dtime', '{$cfg_ml->M_ID}','0','0','$feedbacktype','$face','$msg'); ";
        $rs = $dsql->ExecuteNoneQuery($inquery);
        if(!$rs)
        {
            // NOTE(review): the database error text is echoed to the client, which exposes
            // query details; log it server-side and return a generic message instead.
            echo $dsql->GetError();
            exit();
        }
    }
}
// Quoted reply.
elseif ($comtype == 'reply')
{
    // NOTE(review): $fid is interpolated into the SELECT; its origin is not visible in this
    // excerpt. As a row id it should be cast to int before it reaches the query.
    $row = $dsql->GetOne("Select * from `#@__bookfeedback` where id ='$fid'");
    // Values read back from the database are unescaped. $arctitle goes into the INSERT below
    // without being re-escaped, so stored content can alter the statement (second-order).
    $arctitle = $row['arctitle'];
    $aid =$row['aid'];
    $msg = $quotemsg.$msg;
    // HtmlReplace is applied to $msg only; what it escapes is not shown in this excerpt.
    $msg = HtmlReplace($msg,2);
    // NOTE(review): $typeid is never assigned in the visible code (reported as uninitialized
    // by the post); initialize it and cast it to int. Unlike the branch above, the result of
    // ExecuteNoneQuery is not checked here.
    $inquery = "INSERT INTO `#@__bookfeedback`(`aid`,`typeid`,`username`,`arctitle`,`ip`,`ischeck`,`dtime`,`mid`,`bad`,`good`,`ftype`,`face`,`msg`) VALUES ('$aid','$typeid','$username','$arctitle','$ip','$ischeck','$dtime','{$cfg_ml->M_ID}','0','0','$feedbacktype','$face','$msg')";
    $dsql->ExecuteNoneQuery($inquery);
}