PHP CMS 代码注入:PHPCMS 全版本通杀 SQL 注入漏洞

漏洞分析

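首先看下面的代码。阅读时注意区分两类输入:`id` 和 `catid` 都经过 intval() 强制转换为整数;而在本页可见的代码中,`$_POST['info']` 的其余键值没有做任何类型转换,直接进入后面的 foreach 循环逐项处理。(本页的代码清单在 foreach 处被截断。)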

文件 /phpcms/modules/member/content.php 第 202 行的 edit 函数:

[php]

public function edit() {

$_username = $this->memberinfo['username'];

if(isset($_POST['dosubmit'])) {

$catid = $_POST['info']['catid'] = intval($_POST['info']['catid']);

$siteids = getcache('category_content', 'commons');

$siteid = $siteids[$catid];

$CATEGORYS = getcache('category_content_'.$siteid, 'commons');

$category = $CATEGORYS[$catid];

if($category['type']==0) {//审核状态时,点编辑 再提交,进入if分支

$id = intval($_POST['id']);

$catid = $_POST['info']['catid'] = intval($_POST['info']['catid']);

$this->content_db = pc_base::load_model('content_model');

$modelid = $category['modelid'];

$this->content_db->set_model($modelid);

//判断会员组投稿是否需要审核

$memberinfo = $this->memberinfo;

$grouplist = getcache('grouplist');

$setting = string2array($category['setting']);

if(!$grouplist[$memberinfo['groupid']]['allowpostverify'] || $setting['workflowid']) {

$_POST['info']['status'] = 1;

}

$info = array();

foreach($_POST['info'] as $_k=>$_v) {

if(in_array($_k, $fields)) $_POST['
