2013-11-21：积极联系厂商并且等待厂商认领中，细节不对外公开
2014-02-19：厂商已经主动忽略漏洞，细节向公众公开
建站宝注入漏洞
module/mod_product.phppublic function prdlist() {$this->_layout = 'frontpage';$curr_product_category = new ProductCategory();$cap_id = trim(ParamHolder::get('cap_id','0'));//没有过滤$user_role = trim(SessionHolder::get('user/s_role','{guest}'));$curr_locale = trim(SessionHolder::get('_LOCALE'));$page_title = new MenuItem();$title_info = $page_title->find(" `link`=? and s_locale=?",array("_m=mod_product&_a=prdlist",$curr_locale)," limit 1");$search_where = '';$search_params = array();$prd_keyword=trim($_REQUEST["prd_keyword"]);if (strlen($prd_keyword) >0) {$search_where .= ' AND (name LIKE ? OR description LIKE ?)';$search_params = array_merge($search_params,array('%'.$prd_keyword.'%','%'.$prd_keyword.'%'));$this->assign('prd_keyword',$prd_keyword);}else if (intval($cap_id) >1) {$product_category = new ProductCategory();$product_categories = $product_category->findAll();if(empty($product_categories)) $product_categories = array();foreach($product_categories as $k =>$v){$this->stack[$v->id] = $v->product_category_id;}$this->findout[] = $cap_id;$this->getCategoryList();$search_where = " AND product_category_id IN (''";foreach($this->findout as $k =>$v){$search_where .= ",$v";}$search_where .= ') AND product_category_id <> 0';$curr_product_category = new ProductCategory($cap_id);//这里注入了}try {官方测试http://test.3655188.com/index.php?_m=mod_product&_a=prdlist&cap_id=90
过滤
未能联系到厂商或者厂商积极拒绝