group/search.php
................................................................................................
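// Default search target is threads ("t"); "g" searches groups.
if(empty($sad)) $sad = "t";
if(empty($keyword)){
    // Message text: "Error, please enter a search keyword!"
    ShowMsg("错误,请输入搜索关键字!","-1");
    exit();
}
if($sad=="g"){
    $searchtable = "#@__groups";
    // $keyword is concatenated into the LIKE clause without escaping
    $WhereSql = "WHERE ishidden=0 AND groupname like '%".$keyword."%'";
    $Orders = "ORDER BY stime DESC";
}else{
    $searchtable = "#@__group_threads";
    // same unescaped concatenation of $keyword on the thread search path
    $WhereSql = "WHERE closed=0 AND subject like '%".$keyword."%'";
    $Orders = "ORDER BY lastpost DESC";
}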
..............................................................................................
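Improper handling of the $keyword variable results in an injection vulnerability: it is concatenated directly into the SQL LIKE clause.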
dedecms2007
The vendor has released a patch:
http://www.dedecms.com/
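A hardened form of the same search logic, as an added example; it is not DedeCMS code and not the vendor's patch. It assumes PDO with an in-memory SQLite database, the hypothetical function name search_group, and the constructed table names dede_groups / dede_group_threads standing in for the "#@__" prefixed tables.

```php
<?php
// Added example (not from the original page): the search query rebuilt so that
// $keyword is bound as data and never becomes part of the SQL text.

// Whitelist: table, fixed filter, searched column and ordering are constants
// selected by $sad. Table names are constructed stand-ins for "#@__groups"
// and "#@__group_threads".
const SEARCH_TARGETS = [
    'g' => ['table' => 'dede_groups',        'where' => 'ishidden=0',
            'col'   => 'groupname',          'order' => 'stime'],
    't' => ['table' => 'dede_group_threads', 'where' => 'closed=0',
            'col'   => 'subject',            'order' => 'lastpost'],
];

// Hypothetical helper name; returns the matching rows as associative arrays.
function search_group(PDO $db, string $sad, string $keyword): array
{
    // Unknown $sad values fall back to "t", matching the original default.
    $t = SEARCH_TARGETS[$sad] ?? SEARCH_TARGETS['t'];

    // Escape LIKE metacharacters so % and _ typed by the user match literally.
    // '!' is used as the escape character to behave the same on MySQL and SQLite.
    $like = '%' . strtr($keyword, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';

    $sql = "SELECT * FROM {$t['table']} WHERE {$t['where']} "
         . "AND {$t['col']} LIKE :kw ESCAPE '!' ORDER BY {$t['order']} DESC";

    $stmt = $db->prepare($sql);
    $stmt->execute([':kw' => $like]);   // keyword travels as a bound parameter
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE dede_groups (groupname TEXT, ishidden INT, stime INT)");
$db->exec("INSERT INTO dede_groups VALUES
           ('php users', 0, 1), ('staff only', 1, 2),
           ('100% php', 0, 3), ('bob''s group', 0, 4)");

// A plain keyword, one containing a quote, and one containing a LIKE wildcard.
foreach (["php", "bob's", "%"] as $kw) {
    printf("%-6s => %d row(s)\n", $kw, count(search_group($db, 'g', $kw)));
}
```

The quote in the second keyword is matched as an ordinary character, and the bare "%" matches only the row that actually contains a percent sign instead of every visible row.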