PHP168 CMS的一次新异漏洞分析
2007-07-20 08:45
admin/global.php 对后台管理登录时提交的用户名与密码没有任何过滤,因此产生了这个漏洞:如下面的代码所示,$_POST[loginname] 被直接拼接进 SQL 查询的 WHERE 条件中,属于 SQL 注入。
// Admin login excerpt (admin/global.php according to the article): the body
// runs only when both the loginname and loginpwd POST fields are truthy.
// NOTE(review): the array keys are unquoted barewords; PHP before 8.0 falls
// back to the string key with a notice, PHP 8 throws an Error instead.
if( $_POST[loginname] && $_POST[loginpwd] )
{
// Optional captcha gate, active only when the yzImgAdminLogin setting is truthy.
if( $webdb[yzImgAdminLogin] ){
// Reject when the "yzImgNum" cookie is missing/empty or differs from $yzimg.
// NOTE(review): $yzimg is not defined in this excerpt - presumably the
// captcha value submitted with the form; confirm where it is populated.
// NOTE(review): the expected value is read from a cookie; unless
// get_cookie() verifies its integrity, the client supplies both sides of
// this comparison - confirm. The comparison is also loose (!=), not strict.
if(!get_cookie("yzImgNum")||get_cookie("yzImgNum")!=$yzimg){
// Message text: "verification code does not match".
die("<A HREF=?>验证码不符合</A>");
}else{
// Captcha matched: overwrite the cookie with an empty string
// (presumably so the value cannot be reused - confirm).
set_cookie("yzImgNum","");
}
}
// Fetch the account row for the submitted username, joined with memberdata.
// SECURITY: $_POST[loginname] is interpolated directly into the quoted SQL
// literal and no escaping is visible in this excerpt, so request data can
// change the statement itself (SQL injection) on the admin login path.
// Bind the value through a prepared statement, or at minimum escape it with
// the database driver's escaping routine before the query string is built.
// NOTE(review): loginpwd is not used in this query; the password check is
// presumably performed on $rs after this line (not shown) - confirm.
$rs=$db->get_one("SELECT M.$TB[username] AS username,M.$TB[password] AS password,D.* FROM $TBM LEFT JOIN {$pre}memberdata D ON M.$TB[uid]=D.uid WHERE M.$TB[username]='$_POST[loginname]' ");
if( $_POST[loginname] && $_POST[loginpwd] )
{
if( $webdb[yzImgAdminLogin] ){
if(!get_cookie("yzImgNum")||get_cookie("yzImgNum")!=$yzimg){
die("<A HREF=?>验证码不符合</A>");
}else{
set_cookie("yzImgNum","");
}
}
$rs=$db->get_one("SELECT M.$TB[username] AS username,M.$TB[password] AS password,D.* FROM $TB