代码审计

zfaka在安装的时候会新建一个测试帐号[email protected]，密码123456 在文件application/modules/Member/controllers/Profiles.php，profilesajaxAction方法第53行附近存在注入 public function profilesajaxAction() { if ($this->login==FALSE AND !$this->userid) { $data = array('code' => 1000, 'msg' => '请登录'); Helper::response($data); } $nickname = $this->getPost('nickname',false); $qq = $this->getPost('qq',false); $tag = $this-> ...

a9eae5fe6805503ebb5e368666781b2278f70b450ee78ad853a0085e440e2923cc028f85d66bd6ea3cb9dbb4b97dd2df17f2e756fad0148cfc120ad8833bd8926996504b960e0a8eb61962df53f3a381529b27779845129bb9ea31a1d1e72f3af95f7bd93113ca1c92fe245ad16e065473f86d941da3f947e7e5aaa84cbd03c0e80097a0cc9522fd40dc963e0d37f0bf6eb0a4368751cd1cebfb1911d959a6770fcafd6bb000d4d725a0502aada192c98a78bdf893fcf018297b2ad439a1ab68616993d9e468be8f86215998c3d8bd442d444359c0a589094355853005d2d915716d6a2290bd6a1f47f81c1e6e0333ed6eaacaf23312181b7 ...

2760f727fd5c5efcae76ad5e70a2a1bcb530f59ff786cf70246c2b55470e2b2119708ab947e1bb9a3a4c195d4f69176c5492d04f635f7b57656b8a2f211e5ee10330224e46379f26b4fc54f6113dd4721d430f70395dbd37640f48d49e2bd88e6dd127d92adff013c3bad3bec6e1feabd70fdd29759a684318cf5a403e463e81973ddfa5ccedaca4a9cd32cf57283261ad510c499af3a74463016f67264a5ddd045f02de65501c1a62d39cc18efa1d19aeb0b0196c091f9ba8023a6b8ef06176ff6aa7312b20e3842e3348630baafa4267a3b1954679fde5ad86b47646e911f3711a9407c4ec1378e9f91619a1a3ef903effff81be7ccb0dc ...

SQL注入inter/handler_get_set_data/set_sc_count_online_setup_data_cmd.php 函数set_sc_count_online_setup_data_cmd function set_sc_count_online_setup_data_cmd($para) { global $logHandler, $mysqlDB;// $logHandler->LogError('set_sc_count_online_setup_data_cmd'); $keyData = array("client","server","scid"); $check = checkParam($keyData,$para,$logHandler); if ($check !== true) return false; $SCID= $para['scid']; $data_type=' ...

59f647fa49c4db0e99d68572becdb63bb6cd77e97d530c93a61e09195f47027f88c6c40d2165932bc55287d21f5e135f8d8e42a8e8953d48b2b4d6efc1dc902368133e1f4a925b16789b1292b5377f681ee6b740b73289a3fc2964a6ccba24cb9f819b0987226557aaa8b0b5a0ac0b995a74e5647be47b874b79840a9171ba958ce8e27c6eb29fc108f3e88919d201cc4fc8f3adf2c3f9185649a1753146d584b9c7cc213673bfe91a7414346a9e4940cfd5305e96ea69984f659dd7d5a48d86a602508d3800bd751f34bcbbd82b6c63b698bda8a9c963c59bae821955d548391a25907b4d2847d8cba72a8a5839dfc3a758d198c708b4f0c ...

学习审计通达OA时发现的一些有意思的事 全局变量覆盖审计时发现前辈们提到了这个问题，跟了下存在问题的文件 比如存在变量覆盖的文件是pda\vote\list.php， require_once "pda/auth.php";include_once "inc/conn.php";include_once "inc/utility_all.php";include_once "mobile/api/qyapp.vote.class.php";if ($P == "") { $P = $_COOKIE["PHPSESSID"];}else { $P = $_GET["P"];} 这里包含了inc/conn.php数据库连接文件 继续跟，发现包含了inc/td_config.php <?phpinclude_once "inc/common.inc.php";$ROOT_PATH ...