建站之星v2.7SQL注入
CTF比赛中出了这个CMS的题 下载回源码看了下
问题出在module/mod_email.php第147行左右
public function do_mail(){ global $db; $title = ParamHolder::get("title"); $msg = ParamHolder::get("email_s"); $msg .= ParamHolder::get("email_m"); $roles = ParamHolder::get("role"); $type = ParamHolder::get("type"); $user_email = ParamHolder::get('users'); $send_id = SessionHolder::get("user/id"); $time = time(); $ok = 0; ...