2013-04-08: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly.
2013-07-07: The vendor has actively ignored the vulnerability; details disclosed to the public.

Just a heads-up.
The problem is in member.php:

    /* ... unrelated code omitted ... */
    require dirname(__FILE__) . '/include/common.php';
    if($CFG['uc'])
        require PHPMPS_ROOT . 'include/uc.inc.php';
    require PHPMPS_ROOT . 'include/json.class.php';
    require PHPMPS_ROOT . 'include/pay.fun.php';
    /* ... unrelated code omitted ... */
    if(empty($_userid)) {   // check userid
        if (!in_array($act, $not_login)) {
            if (in_array($act, $must_login)) {
                showmsg('请先登录', 'member.php?act=login&refer='.$PHP_URL);
            } else {
                showmsg('请不要提交非法请求!');
            }
        }
    }
    /* ... unrelated code omitted ... */

Now look at include/common.php:

    if(!get_magic_quotes_gpc()) {
        if (!empty($_GET))  $_GET  = addslashes_deep($_GET);
        if (!empty($_POST)) $_POST = addslashes_deep($_POST);
        $_COOKIE  = addslashes_deep($_COOKIE);
        $_REQUEST = addslashes_deep($_REQUEST);
    }
    // get_magic_quotes_gpc ╮(╯▽╰)╭
    /* ... unrelated code omitted ... */
    // the key part
    $_userid   = 0;     // initialise
    $_username = '';
    $uid = $_SESSION['userid'] ? $_SESSION['userid'] : $_COOKIE['userid'];   // cookie, you know what I mean~
    if(!empty($uid)) {
        $user_info = $db->getRow("select userid,username,lastposttime,status from {$table}member where userid='$uid' ");
        if($user_info) {
            $_userid       = $user_info['userid'];
            $_username     = $user_info['username'];
            $_lastposttime = $user_info['lastposttime'];
            $_status       = $user_info['status'];
        }
    }

userid=1 ~
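As an added example, not phpmps code and not part of the original report: a hardened replacement for the identity resolution above. The session is the only trusted source of identity; a remember-me cookie is consulted only when no session exists, and only after its HMAC over the userid and expiry verifies, so a client cannot simply assert `userid=1`. The lookup also uses a bound parameter instead of interpolating `$uid` into the SQL string. Assumptions: `$db` is a PDO handle, `$table` is the table prefix, and the cookie name `remember`, the `remember_key()` placeholder and the helper function names are all hypothetical.

```php
<?php
// Added example (not phpmps code). Assumes $db is a PDO handle and $table is
// the table prefix; the cookie name and key source below are hypothetical.
declare(strict_types=1);

const REMEMBER_COOKIE = 'remember';          // hypothetical cookie name
const REMEMBER_TTL    = 30 * 24 * 3600;      // 30 days

// Server-side secret used to sign remember-me cookies. Load it from a config
// file outside the web root; the string here is only a placeholder.
function remember_key(): string {
    return 'REPLACE-WITH-32-RANDOM-BYTES';
}

// Build a cookie value "<userid>.<expires>.<hmac>". The MAC covers both the
// userid and the expiry, so neither can be altered client-side undetected.
function make_remember_token(int $userid): string {
    $expires = time() + REMEMBER_TTL;
    $payload = $userid . '.' . $expires;
    $mac = hash_hmac('sha256', $payload, remember_key());
    return $payload . '.' . $mac;
}

// Return the userid carried by a valid token, or 0 when the token is absent,
// malformed, expired or carries a wrong MAC. MAC comparison is constant-time.
function verify_remember_token(?string $token): int {
    if ($token === null) {
        return 0;
    }
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return 0;
    }
    [$userid, $expires, $mac] = $parts;
    if (!ctype_digit($userid) || !ctype_digit($expires)) {
        return 0;
    }
    if ((int) $expires < time()) {
        return 0;
    }
    $expected = hash_hmac('sha256', $userid . '.' . $expires, remember_key());
    if (!hash_equals($expected, $mac)) {
        return 0;
    }
    return (int) $userid;
}

// Resolve the current user. The session is authoritative; the cookie is used
// only when there is no session, and only after its MAC has been verified.
function resolve_user(PDO $db, string $table): array {
    $uid = 0;
    if (!empty($_SESSION['userid'])) {
        $uid = (int) $_SESSION['userid'];
    } elseif (isset($_COOKIE[REMEMBER_COOKIE])) {
        $uid = verify_remember_token($_COOKIE[REMEMBER_COOKIE]);
        if ($uid > 0) {
            session_regenerate_id(true);   // promote the cookie login to a fresh session
            $_SESSION['userid'] = $uid;
        }
    }
    if ($uid <= 0) {
        return ['userid' => 0, 'username' => ''];
    }
    // Bound parameter rather than interpolating $uid into the query string.
    $stmt = $db->prepare(
        "SELECT userid, username, lastposttime, status FROM {$table}member WHERE userid = :uid"
    );
    $stmt->execute([':uid' => $uid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: ['userid' => 0, 'username' => ''];
}

// Issue the remember-me cookie at login time with HttpOnly, Secure and SameSite set.
function set_remember_cookie(int $userid): void {
    setcookie(REMEMBER_COOKIE, make_remember_token($userid), [
        'expires'  => time() + REMEMBER_TTL,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}
```

The original fallback `$_SESSION['userid'] ? ... : $_COOKIE['userid']` takes whatever the browser sends whenever no session is present, and `addslashes_deep` only escapes quotes, so it does nothing to stop a plain numeric userid being asserted. A signed token with an expiry, verified with `hash_equals`, keeps the convenience of a persistent login while making the cookie's contents tamper-evident; regenerating the session id on promotion avoids fixation, and a stored-token scheme that can be revoked server-side is the next step if logout-everywhere is required.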
Could not reach the vendor, or the vendor actively declined.
Vulnerability Rank: 10 (WooYun rating)