Loose parameter filtering in ApiController.class.php leads to a SQL injection vulnerability
Page characteristics are as follows
Vulnerable point:
In ApiController.class.php you can see that

    $sql="select image from ".C('DB_PREFIX')."goods_image where goods_id=".$goods_id;

builds the statement by concatenating $goods_id directly into the query string, which is what causes the SQL injection.
    public function goods_detail()
    {
        $goods_id = I('get.goods_id');
        //gallery =>img_url
        //goods goods.goods_desc goods_name group_price market_price sell_count group_number
        $sql = "select g.*,gd.description,gd.summary,gd.tag from " . C('DB_PREFIX') . "goods g," . C('DB_PREFIX') .
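For comparison, here is the concatenation pattern from the write-up beside two hardened forms. This is an added example, not code from the project; it assumes ThinkPHP 3.x's I() and C() helpers as used above, and the prepared-statement variant assumes an existing PDO connection $pdo.

```php
<?php
// Added example (not the project's code). Assumes ThinkPHP 3.x's I() and C()
// helpers; goodsImagesPrepared() assumes a PDO connection is passed in.

// Vulnerable form (the pattern from ApiController.class.php): whatever arrives
// in goods_id is spliced into the SQL text as-is, so any non-numeric value is
// parsed by the database as part of the statement rather than as data.
function goodsImageSqlUnsafe($goods_id)
{
    // C('DB_PREFIX') comes from application config, not from the request,
    // so that part of the concatenation is not the problem; $goods_id is.
    return "select image from " . C('DB_PREFIX') . "goods_image where goods_id=" . $goods_id;
}

// Hardened form 1: goods_id is a numeric key, so coerce it to an integer at
// the input boundary. I()'s third argument is a filter callback applied to
// the value; a non-numeric input becomes 0 and can no longer alter the query.
function goodsImageSqlIntCast()
{
    $goods_id = I('get.goods_id', 0, 'intval');
    return "select image from " . C('DB_PREFIX') . "goods_image where goods_id=" . $goods_id;
}

// Hardened form 2: keep the value out of the SQL text entirely and bind it as
// a typed parameter. The statement is compiled before the value is supplied,
// so user input is never interpreted as SQL regardless of its content.
function goodsImagesPrepared(PDO $pdo, $goods_id)
{
    if (!ctype_digit((string) $goods_id)) {
        // Reject rather than guess: a goods id that is not a positive integer
        // is a malformed request, and logging it gives detection a signal.
        throw new InvalidArgumentException('goods_id must be a positive integer');
    }
    $sql  = "select image from " . C('DB_PREFIX') . "goods_image where goods_id = :goods_id";
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':goods_id', (int) $goods_id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}
```

The same fix applies to goods_detail() above: the $goods_id read by I('get.goods_id') should be cast with the 'intval' filter or bound as a parameter before it reaches any query string.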