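微擎 (WeEngine) second-order SQL injection vulnerability: fix
Alibaba Cloud alert: how to fix the 微擎 second-order injection vulnerability: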
/web/source/mc/fangroup.ctrl.php
Search for:
$sql .= 'UPDATE ' . tablename('mc_mapping_fans') . " SET `groupid`='" . $tagids . "' WHERE `fanid`={$fans['fanid']};";
}
pdo_query($sql); }
}
Change it to:
// Bind the values as parameters instead of concatenating them into the SQL string.
$sql = 'UPDATE ' . tablename('mc_mapping_fans') . " SET `groupid`= :tagids WHERE `fanid`=:fanid;";
pdo_query($sql, array(":tagids" => $tagids, ":fanid" => $fans['fanid']));
}
}
}
The vulnerability is fixed.
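The difference between the two versions, as an added example that is not 微擎's own code: a constructed value containing a quote is read back from storage and used in the same UPDATE, first concatenated and then bound. It assumes PHP with the pdo_sqlite extension (SQLite standing in for the site's database); `freshDb()`, `groups()`, the table contents and the sample values are hypothetical.

```php
<?php
// Added illustration, not 微擎 code. Table rows and values are constructed.

// Build a throwaway in-memory table shaped like the one in the UPDATE.
function freshDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE mc_mapping_fans (fanid INTEGER PRIMARY KEY, groupid TEXT)");
    $pdo->exec("INSERT INTO mc_mapping_fans VALUES (1, 'a'), (2, 'b'), (3, 'c')");
    return $pdo;
}

// Return the table as a fanid => groupid map.
function groups(PDO $pdo): array {
    return $pdo->query("SELECT fanid, groupid FROM mc_mapping_fans ORDER BY fanid")
               ->fetchAll(PDO::FETCH_KEY_PAIR);
}

// Constructed value. In a second-order injection it was escaped correctly when
// first saved, so it sits in storage with its quote intact and is later read
// back and treated as trusted data.
$tagids = "5' --";
$fanid  = 2;

// Before: concatenation. The stored quote ends the string literal and the
// comment marker discards the WHERE clause, so the UPDATE is no longer
// limited to one fan.
$pdo = freshDb();
$pdo->exec("UPDATE mc_mapping_fans SET `groupid`='" . $tagids . "' WHERE `fanid`={$fanid};");
$before = groups($pdo);

// After: bound parameters, as in the fix. The value is sent as data and
// cannot change the statement's structure.
$pdo  = freshDb();
$stmt = $pdo->prepare("UPDATE mc_mapping_fans SET `groupid`= :tagids WHERE `fanid`=:fanid;");
$stmt->execute([':tagids' => $tagids, ':fanid' => $fanid]);
$after = groups($pdo);

echo "concatenated:\n";
print_r($before);
echo "parameterized:\n";
print_r($after);
```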