
PHPweb site-building system cookie injection: analysis and fix - Website Security

Vulnerable page: member/post.php

    <?php
    define("ROOTPATH", "");
    include(ROOTPATH."includes/common.inc.php");
    include("language/".$sLan.".php");
    include(ROOTPATH."member/includes/member.inc.php");

    $act = $_POST['act'];

    switch($act){
        // ... (omitted)

        // Load the avatar
        case "loadface":
            SecureMember();
            $memberid=$_COOKIE["MEMBERID"];

            // The SQL injection is triggered here, e.g. 1'and '1'='1
            $fsql->query("select nowface from {P}_member where memberid='$memberid'");
            if($fsql->next_record()){
                $nowface=$fsql->f('nowface');
            }
            echo $nowface;
            exit;
        break;
    }

Reposted from: http://HdhCmsTest90sec.org/thread-1865-1-1.html

Fix (provided by 2cto): strengthen the filtering.
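One way to apply the "strengthen the filtering" fix to the loadface lookup, shown as an added example that is not PHPweb's own code. It assumes memberid is a numeric key, uses PDO with an in-memory SQLite database (requires the pdo_sqlite extension) in place of the project's $fsql object, and uses a hypothetical table name pw_member in place of {P}_member.

```php
<?php
declare(strict_types=1);

/**
 * Return the avatar path for the member id carried in the MEMBERID cookie,
 * or null when the value is malformed or no such member exists.
 * Hypothetical helper; pw_member stands in for {P}_member.
 */
function loadFace(PDO $db, string $cookieMemberId): ?string
{
    // 1. Allow-list validation: digits only, bounded length (assumes numeric ids).
    if (!ctype_digit($cookieMemberId) || strlen($cookieMemberId) > 10) {
        return null;
    }

    // 2. Bound parameter: the cookie value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT nowface FROM pw_member WHERE memberid = :id');
    $stmt->execute([':id' => (int)$cookieMemberId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row === false ? null : $row['nowface'];
}

// Constructed sample data, so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pw_member (memberid INTEGER PRIMARY KEY, nowface TEXT)');
$db->exec("INSERT INTO pw_member VALUES (1, 'face/1.gif'), (2, 'face/2.gif')");

// Constructed cookie values: two valid ids, the probe string quoted in the
// vulnerable code's comment, an empty value, and an unknown id.
$samples = ['1', '2', "1'and '1'='1", '', '999'];

foreach ($samples as $value) {
    $face = loadFace($db, $value);
    printf("%-18s => %s\n", var_export($value, true), $face ?? '(rejected or not found)');
}
```

Validation and parameter binding are independent layers: the bound parameter alone prevents the injection, and the digit check rejects malformed cookies before any query runs.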
