zzcms user/logincheck.php SQL注入漏洞

Follow 1

Basic Fields

SSV ID:: SSV-92628

Find Time:: Unknown

Submit Time:: 2017-01-19

Level:

Category:: SQL 注入

Component:: zzcms
(7.2,8.0)

Author:: Unknown

Submitter:: Knownsec

CVE-ID：: Add

CNNVD-ID：: Add

CNVD-ID：: CNVD-2016-12088

ZoomEye Dork：: Add

Source

知道创宇404实验室

Detail

Contributor Knownsec Got 0KB

have 0 exchange

PoC (pocsuite 插件) (pocsuite 插件)

Contributor Knownsec totally have 0KB

Unopen

have 0 Exchange

Reference Linking

https://www.seebug.org

Solutions

Temp Solutions

Unavailable Temp Solutions

Official Solution

Unavailable Official solution

Defense Solutions

Unavailable Defense Solutions

All Comments (1)

67373 2017-01-21

$_SERVER['REMOTE_ADDR']; 这个变量我们可以控制吗
- weibo_冷月-清风
  完全可以的伪造IP同理
- 奶权
  $_SERVER['REMOTE_ADDR']不能伪造 XFF才能
Reply 0 0
1F

※Any content provided by this site, only to learn the code and services, not for illegal purposes