WeiQing (微擎) / WeiZan (微赞) SQL injection vulnerability in store.ctrl.php
This WeiQing/WeiZan SQL injection vulnerability is in the file store.ctrl.php, located at:
/web/source/mc/store.ctrl.php (around line 74)
Find the following code:
if ($do == 'delete') {
    pdo_delete('activity_stores', array('id' => $_GPC['id'], 'uniacid' => $_W['uniacid']));
    message('删除成功', referer(), 'success');
}
Change the second line of the code above (the pdo_delete call) to:
pdo_delete('activity_stores',array('id' => intval($_GPC['id']), 'uniacid' => $_W['uniacid']));
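An added example (not code from the original page or from the WeiQing project): it compares the intval() cast used in the fix with a stricter check that rejects malformed ids instead of silently coercing them. The helper name strict_id(), the sample inputs and the 32-bit id range are assumptions made for illustration.

```php
<?php
// Added example, not WeiQing code. strict_id() is a hypothetical helper.
// intval() makes the value safe to place in the query, but it coerces
// silently: "5 OR 1=1" becomes 5 and a non-empty array becomes 1, so a
// malformed request can still act on a row. Rejecting it is stricter.

function strict_id($raw)
{
    // Arrays, objects, null and booleans are never a valid id.
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    $s = (string) $raw;
    // Digits only: no sign, whitespace, leading zero or trailing text.
    if (!preg_match('/^[1-9][0-9]{0,9}$/D', $s)) {
        return null;
    }
    $n = (int) $s;
    // Assumption: ids fit a signed 32-bit INT column.
    return $n <= 2147483647 ? $n : null;
}

// Constructed sample inputs standing in for $_GPC['id'].
$samples = array('42', 42, '42abc', '5 OR 1=1', array('x'), '', '-3', '99999999999');

foreach ($samples as $raw) {
    $coerced = intval($raw);     // what the patched line passes to pdo_delete
    $strict  = strict_id($raw);  // null means "reject the request"
    printf(
        "%-16s intval=%-12d strict=%s\n",
        json_encode($raw),
        $coerced,
        $strict === null ? 'reject' : $strict
    );
}
```

Only '42' and 42 pass the strict check; intval() alone turns '42abc' into 42, '5 OR 1=1' into 5 and the array into 1.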