mysql v8 漏洞_海洋CMS V8.7 SQL注入漏洞

本文详细介绍了海洋CMS V8.7中存在的SQL注入漏洞,通过示例代码展示了漏洞的触发条件,并提出了相应的防护措施,旨在提高系统安全性。
摘要由CSDN通过智能技术生成

session_start();

require_once("../../include/common.php");

$id = (isset($gid) && is_numeric($gid)) ? $gid : 0;

$page = (isset($page) && is_numeric($page)) ? $page : 1;

$type = (isset($type) && is_numeric($type)) ? $type : 1;

$pCount = 0;

$jsoncachefile = sea_DATA."/cache/review/$type/$id.js";

//缓存第一页的评论

if($page<2)

{

if(file_exists($jsoncachefile))

{

$json=LoadFile($jsoncachefile);

die($json);

}

}

$h = ReadData($id,$page);

$rlist = array();

if($page<2)

{

createTextFile($h,$jsoncachefile);

}

die($h);

function ReadData($id,$page)

{

global $type,$pCount,$rlist;

$ret = array("","",$page,0,10,$type,$id);

if($id>0)

{

$ret[0] = Readmlist($id,$page,$ret[4]);

$ret[3] = $pCount;

$x = implode(',',$rlist);

if(!empty($x))

{

$ret[1] = Readrlist($x,1,10000);

}

}

$readData = FormatJson($ret);

return $readData;

}

function Readmlist($id,$page,$size)

{

global $dsql,$type,$pCount,$rlist;

$ml=array();

if($id>0)

{

$sqlCount = "SELECT count(*) as dd FROM sea_comment WHERE m_type=$type AND v_id=$id ORDER BY id DESC";

$rs = $dsql ->GetOne($sqlCount);

$pCount = ceil($rs['dd']/$size);

$sql = "SELECT id,uid,username,dtime,reply,msg,agree,anti,pic,vote,ischeck FROM sea_comment WHERE m_type=$type AND v_id=$id ORDER BY id DESC limit ".($page-1)*$size.",$size ";

$dsql->setQuery($sql);

$dsql->Execute('commentmlist');

while($row=$dsql->GetArray('commentmlist'))

{

$row['reply'].=ReadReplyID($id,$row['reply'],$rlist);

$ml[]="{\"cmid\":".$row['id'].",\"uid\":".$row['uid'].",\"tmp\":\"\",\"nick\":\"".$row['username']."\",\"face\":\"\",\"star\":\"\",\"anony\":".(empty($row['username'])?1:0).",\"from\":\"".$row['username']."\",\"time\":\"".date("Y/n/j H:i:s",$row['dtime'])."\",\"reply\":\"".$row['reply']."\",\"content\":\"".$row['msg']."\",\"agree\":".$row['agree'].",\"aginst\":".$row['anti'].",\"pic\":\"".$row['pic']."\",\"vote\":\"".$row['vote']."\",\"allow\":\"".(empty($row['anti'])?0:1)."\",\"check\":\"".$row['ischeck']."\"}";

}

}

$readmlist=join($ml,",");

return $readmlist;

}

function Readrlist($ids,$page,$size)

{

global $dsql,$type;

$rl=array();

$sql = "SELECT id,uid,username,dtime,reply,msg,agree,anti,pic,vote,ischeck FROM sea_comment WHERE m_type=$type AND id in ($ids) ORDER BY id DESC";

$dsql->setQuery($sql);

$dsql->Execute('commentrlist');

while($row=$dsql->GetArray('commentrlist'))

{

$rl[]="\"".$row['id']."\":{\"uid\":".$row['uid'].",\"tmp\":\"\",\"nick\":\"".$row['username']."\",\"face\":\"\",\"star\":\"\",\"anony\":".(empty($row['username'])?1:0).",\"from\":\"".$row['username']."\",\"time\":\"".$row['dtime']."\",\"reply\":\"".$row['reply']."\",\"content\":\"".$row['msg']."\",\"agree\":".$row['agree'].",\"aginst\":".$row['anti'].",\"pic\":\"".$row['pic']."\",\"vote\":\"".$row['vote']."\",\"allow\":\"".(empty($row['anti'])?0:1)."\",\"check\":\"".$row['ischeck']."\"}";

}

$readrlist=join($rl,",");

return $readrlist;

}

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值