米酷影视 MKCMS5.0 前台SQL注入漏洞
漏洞详情
漏洞出现在/ucenter/reg.php第7-19行:
if(isset($_POST['submit'])){
$username = stripslashes(trim($_POST['name']));
$query = mysql_query("select u_id from mkcms_user where u_name='$username'");
if(mysql_fetch_array($query)){
echo '';
exit;
}
$result = mysql_query('select * from mkcms_user where u_email = "'.$_POST['email'].'"');
if(mysql_fetch_arra
共有 0 条评论