phpweb /version.php Vul

catalog

1. 漏洞描述
2. 漏洞触发条件
3. 漏洞影响范围
4. 漏洞代码分析
5. 防御方法
6. 攻防思考

1. 漏洞描述

Relevant Link:
2. 漏洞触发条件
3. 漏洞影响范围
4. 漏洞代码分析
5. 防御方法

/version.php

<?php
    define( "PHPWEB_VERSION", "1.4.3" );
    define( "PHPWEB_RELEASE", "20100925" );
    /**/
    function cleanArrayForMysql($data)
    {
        if(!get_magic_quotes_gpc())
        {
            //security filter Recursive
            return (is_array($data)) ? array_map(‘cleanArrayForMysql‘, $data) : addslashes($data);
        }
        else
        {
            return $data;
        }
    }
    $_REQUEST = cleanArrayForMysql($_REQUEST);
    $_GET = cleanArrayForMysql($_GET);
    $_POST = cleanArrayForMysql($_POST);
    $_COOKIE = cleanArrayForMysql($_COOKIE);
    /**/
?>

6. 攻防思考

时间： 2024-10-04 05:28:10

phpweb /version.php Vul的相关文章

phpweb漏洞合集

admin' or '1'='1 万能密码 inurl:/class/?1.html inurl:webmall/query.php?typeid=?inurl:shop/class/?226.htmlinurl:product/html/?10.htmlinurl:down/class/?2.htmlinurl:news/html/?417.htmlinurl:shop/html/?477.htmlinurl:news/class/?86.html inurl:/page/html/?1.ht

maven -- 问题解决（三）Java compiler level does not match the version of the installed Java project facet

问题: Java compiler level does not match the version of the installed Java project facet 解决方法如下: properties->Java Compiler,修改JDK版本,然后Apply

异常：Unsupported major.minor version 52.0 (Use --stacktrace to see the full trace)

异常:Unsupported major.minor version 52.0 (Use --stacktrace to see the full trace) 正在写一个功能,更新了同事提交的代码之后,出现了如下错误: 1 Fatal error during compilation org.apache.tools.ant.BuildException: java.lang.UnsupportedClassVersionError: org/elasticsearch/index/query

How to Downgrade VMware ESXi 5.5 Virtual Machine Hardware Version to 9 from 10

Shut down the virtual machine in the vSphere client. Remove your virtual machine from the ESXi inventory. Browse your Datastore and find the virtual machine's .vmx file. Download it to your desktop. Open the .vmx file in Notepad or your favorite te

This version of MySQL doesn't yet support 'LIMIT & IN/ALL/ANY/SOME subquery' 错误解决

原因是内层select语句带有limit子句. 原: update stu_score_childen A set A.fScore='-1' where A.fID in (select B.fID from stu_score_childen B limit 0,50 ) 更改后的 update stu_score_childen A set A.fScore='-1' where A.fID in (select C.fID from (select B.fID from st

[LeetCode] Compare Version Numbers

Question: Compare two version numbers version1 and version2.If version1 > version2 return 1, if version1 < version2 return -1, otherwise return 0. You may assume that the version strings are non-empty and contain only digits and the . character.The

This version of the rendering library is more recent than your version of IntelliJ IDEA.

今天往idea里导入其他项目时又遇到了一个问题,单独标记一下. 导入后打开一个布局xml文件,发现不能渲染,报错为: This version of the rendering library is more recent than your version of IntelliJ IDEA. Please update IntelliJ IDEA 看字面意思就是idea的渲染库版本不对,让你升级idea.因为之前升级过android sdk,就想到了以前eclipse的老问题:adt的升级.难

eclipse中，项目有红叉之-Cannot change version of project facet Dynamic Web Module to 3.1

1.打开Problems查看错误原因Window->Show View->Other->General->Problems 2.查看问题 3.发现是Cannot change version of project facet Dynamic Web Module to 3.1 4.根据2里截图的Resource,得到是哪个项目,项目右击->Properties->Project Faces->Dynamic Web Module,更据相应Dynamic Web M

Type Java compiler level does not match the version of the installed Java project facet.项目内容没错但是项目上报错，不影响运行

1.Window->Show View->Problems 2.在项目上右键properties->project Facets->修改右侧的version 保持一致 3.window->preferences->Java->Compiler->设置右侧的Compiler compliance level 4.window->preferences->java->Installed JREs->设置或者选择右侧的Installed