漏洞页面:member/post.php
01 <?php
// Excerpt of member/post.php: a POST-driven action dispatcher. Only the "loadface" case is shown;
// it looks up the avatar value ("nowface") for a member id and echoes it back.
// ROOTPATH is the relative path prefix used by the includes below.
02 define("ROOTPATH", "../");
03 include(ROOTPATH."includes/common.inc.php");
// NOTE(review): $sLan is not assigned in this excerpt (presumably set by common.inc.php). If a
// request can influence it, this include needs an allow-list of language names - confirm.
04 include("language/".$sLan.".php");
05 include(ROOTPATH."member/includes/member.inc.php");
06
07
// Action selector, taken directly from the POST body.
08 $act = $_POST['act'];
09
10 switch($act){
11 ...略
12
13 //Load the avatar
14 case "loadface":
// NOTE(review): SecureMember() is defined outside this excerpt (presumably a login check). The
// page reports the query below as injectable, so it evidently does not reject a crafted
// MEMBERID value - confirm what it validates.
15 SecureMember();
// The member id is read from a cookie, i.e. a value the client fully controls. The member's
// identity should come from server-side session state rather than from this cookie.
16 $memberid=$_COOKIE["MEMBERID"];
17
// $memberid is interpolated unescaped inside the quoted SQL literal, so a quote character in the
// cookie changes the statement instead of being treated as data.
// Mitigation: bind the value as a query parameter, or validate it against the expected id format
// (e.g. digits only, if ids are numeric - confirm) before it reaches the query.
// NOTE(review): {P} looks like a table-prefix placeholder expanded by $fsql - confirm.
18 $fsql->query("select nowface from {P}_member where memberid='$memberid'");//SQL injection is triggered here, e.g. 1'and '1'='1
19 if($fsql->next_record()){
20 $nowface=$fsql->f('nowface');
21 }
// $nowface is assigned only when a row matched; with no match this echoes a variable that was not
// set in this excerpt. The value is written to the response without any output encoding.
22 echo $nowface;
23 exit;
24
// Unreachable: the exit above already ended the script.
25 break;
26 }