Problem description:
Tested with SQLMAP
In the file /public/install/index.php, the account parameter at line 321 of the code has a SQL injection vulnerability
Modify the file /public/install/index.php
    $res = false;
    try {
        // Sanitize the account name before it is concatenated into the INSERT statement.
        $username = clean($username);
        $addadminsql = "INSERT INTO `{$dbPrefix}system_admin` (`account`, `pwd`, `real_name`, `roles`, `last_ip`, `last_time`, `add_time`, `login_count`, `level`, `status`, `is_del`) VALUES
    ('" . $username . "', '" . $password . "', 'admin', '1', '" . $ip . "',$time , $time, 0, 0, 1, 0)";
        $res = mysqli_query($conn, $addadminsql);
    } catch (\Exception $e) {
        echo $e->getMessage();
    }

    // Strips tags and slashes, then escapes and HTML-encodes the value so that
    // quote characters cannot terminate the SQL string literal.
    function clean($str)
    {
        $str = trim($str);
        $str = strip_tags($str);
        $str = stripslashes($str);
        $str = addslashes(sprintf("%s", $str));
        $str = rawurldecode($str);
        $str = quotemeta($str);
        // Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
        $str = filter_var($str, FILTER_SANITIZE_STRING);
        $str = htmlentities($str, ENT_QUOTES);
        $str = htmlspecialchars($str);
        return $str;
    }
Alternatively, download the file package below and overwrite the existing file.
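The same INSERT written as a mysqli prepared statement, so that the account value is sent as bound data instead of being concatenated into the SQL text. This is an added example, not the project's own code; the function name insert_admin() and the table-prefix check are assumptions made for illustration.

```php
<?php
// Added example (not from the project). insert_admin() and the prefix
// allow-list pattern are hypothetical names/choices for illustration.
function insert_admin(mysqli $conn, string $dbPrefix, string $username,
                      string $password, string $ip, int $time): bool
{
    // A table name cannot be bound as a parameter, so restrict the prefix
    // to identifier characters before interpolating it into the statement.
    if (!preg_match('/^[A-Za-z0-9_]{0,32}$/', $dbPrefix)) {
        throw new InvalidArgumentException('invalid table prefix');
    }

    // Every installer-supplied value is a placeholder; only constants
    // remain in the SQL text itself.
    $sql = "INSERT INTO `{$dbPrefix}system_admin`
            (`account`, `pwd`, `real_name`, `roles`, `last_ip`, `last_time`,
             `add_time`, `login_count`, `level`, `status`, `is_del`)
            VALUES (?, ?, 'admin', '1', ?, ?, ?, 0, 0, 1, 0)";

    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        throw new RuntimeException(mysqli_error($conn));
    }

    // Type string: s = string, i = integer ($time is used for both
    // last_time and add_time, as in the original statement).
    mysqli_stmt_bind_param($stmt, 'sssii', $username, $password, $ip, $time, $time);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

// Usage inside the installer's existing try block (variables as in the page's code):
// $res = insert_admin($conn, $dbPrefix, $username, $password, $ip, $time);
```

With bound parameters the account name is stored exactly as entered, so no escaping or HTML-encoding of the value is needed before the query.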