@LioTree
Last active May 2, 2024 22:36
PicUploader HistoryController::getList SQL injection

Vendor: https://github.com/xiebruce/PicUploader

Affected versions: all versions before commit https://github.com/xiebruce/PicUploader/commit/fcf82eacc4ad2e62b6182ca152a48bda739157be

A SQL injection vulnerability exists in `HistoryController::getList` at https://github.com/xiebruce/PicUploader/blob/2ef5b21cb2ae831ff5a56473b0f1315a6f81ff65/settings/HistoryController.php#L107, where the user-supplied `keyword` query parameter is concatenated directly into the `WHERE` clause:

```php
// User input is only trimmed, never escaped or bound as a parameter.
$keyword = isset($_GET['keyword']) ? trim($_GET['keyword']) : '';

$model = new HistoryModel();
$pageSize = 10;

$where = '';
if($keyword){
	// $keyword is spliced straight into the SQL text inside double-quoted LIKE patterns,
	// so a keyword containing a double quote can alter the query structure.
	$where = '((`filename` LIKE "%'.$keyword.'%") OR (`url` LIKE "%'.$keyword.'%") OR (`created_at` LIKE "%'.$keyword.'%"))';
}
```
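How the same filter can be built without concatenating the keyword into the query, as an added example (not PicUploader's code and not its fix commit): a prepared statement with the keyword bound as a parameter and the LIKE wildcards escaped. HistoryModel's internals are not on the page, so a plain PDO connection and a `history` table with the three columns from the query are assumed.

```php
<?php
// Added example, not part of PicUploader. Assumes a PDO handle and a `history` table.

// Escape LIKE metacharacters so the keyword matches literally. '!' is used as the
// escape character because it behaves the same in MySQL and SQLite; escape it first.
function escapeLike(string $value): string
{
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $value);
}

// Build the WHERE fragment with placeholders only; the keyword itself never enters
// the SQL text, so quotes or operators in it cannot change the query structure.
function buildHistoryWhere(string $keyword): array
{
    $keyword = trim($keyword);
    if ($keyword === '') {
        return ['', []];
    }
    $pattern = '%' . escapeLike($keyword) . '%';
    $where = "((`filename` LIKE :kw1 ESCAPE '!') OR (`url` LIKE :kw2 ESCAPE '!')"
           . " OR (`created_at` LIKE :kw3 ESCAPE '!'))";
    return [$where, [':kw1' => $pattern, ':kw2' => $pattern, ':kw3' => $pattern]];
}

function findHistory(PDO $db, string $keyword, int $page = 1, int $pageSize = 10): array
{
    [$where, $params] = buildHistoryWhere($keyword);
    $sql = 'SELECT `filename`, `url`, `created_at` FROM `history`'
         . ($where !== '' ? ' WHERE ' . $where : '')
         . ' ORDER BY `created_at` DESC LIMIT :limit OFFSET :offset';
    $stmt = $db->prepare($sql);
    foreach ($params as $name => $value) {
        $stmt->bindValue($name, $value, PDO::PARAM_STR);
    }
    // LIMIT/OFFSET must be bound as integers, otherwise PDO emulation quotes them.
    $stmt->bindValue(':limit', $pageSize, PDO::PARAM_INT);
    $stmt->bindValue(':offset', ($page - 1) * $pageSize, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory sample data to exercise the filter offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE history (filename TEXT, url TEXT, created_at TEXT)');
$db->exec("INSERT INTO history VALUES ('cat.png', 'https://img.example/cat.png', '2024-05-01 10:00:00'),"
        . " ('100%.png', 'https://img.example/b.png', '2024-05-02 11:00:00')");
var_dump(findHistory($db, '100%'));   // only the row whose name literally contains "100%"
var_dump(findHistory($db, "it's"));   // the quote is data, not SQL: empty result, no error
```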

