lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-14 12:30:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

修复3个安全漏洞 (#15)

Browse Source 
* 修复趣味盒未授权访问漏洞

趣味盒页面未做鉴权游客可以任意查看或发送内容

* 修复sql注入漏洞

* 修复sql注入 详见描述

代码第19行		if (!is_valid_id($class) && $class != 0)
如果class 为"sleep(5)" 虽然过不了is_valid_id校验 但是由于php 弱类型 非数字开头的字符串 最终会判断为 $class = 0 绕过了校验
另外建议is_valid_id 改为更直接的intval 将用户输入的的数据强制转换成int 防止sql注入
This commit is contained in:
CZ
2021-05-19 13:49:41 +08:00
committed by GitHub
parent 0c136b7743
commit ce05680219
3 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
public/modrules.php
View File

@@ -38,7 +38,7 @@ elseif (isset($_GET["act"]) && $_GET["act"]=="addsect"){
header("Refresh: 0; url=modrules.php");
}
elseif (isset($_GET["act"]) && $_GET["act"] == "edit"){
$id = $_GET["id"];
$id = intval($_GET["id"]);
$res = @mysql_fetch_array(@sql_query("select * from rules where id='$id'"));
stdhead("Edit rules");
//print("<td valign=top style=\"padding: 10px;\" colspan=2 align=center>");