smcs 2.x arbitrarily account register #1

Closed
ParadiseCong opened this issue Nov 28, 2018 · 2 comments

@ParadiseCong

smcs 2.x arbitrary account registration via member/member_reg.php.

First, register an account test|test.

Then, let's see the issue code:

```php
// Excerpt from member/member_reg.php as quoted in the report; it ends mid-block.
if($_POST["M_code"]!=$_SESSION["CmsCode"]){
    box(lang("验证码错误!/l/Verification code error"),"back","error");
}else{
    $M_login=$_POST["M_login"];
    $M_pwd=$_POST["M_pwd"];
    $M_pwd2=$_POST["M_pwd2"];
    $M_email=$_POST["M_email"];
    $M_need=$_POST["M_need"];
    // Character filter applied to every submitted field
    if(!IsValidStr($M_login) || !IsValidStr($M_pwd) || !IsValidStr($M_pwd2) || !IsValidStr($M_email) || !IsValidStr($M_need)){
        box("输入内容包含敏感字符,请重新输入!","back","error");
    }
    if($M_pwd!=$M_pwd2){
        box("两次输入密码不一致!","back","error");
    }
    if($M_need=="x"){
        box("请选择一个业务需求!","back","error");
    }
    if($M_login!="" && $M_pwd!="" && $M_email!=""){
        if(strpos($M_email,"@")===false){
            box("请输入一个可用的邮箱!","back","error");
        }else{
            // Duplicate-username check on the submitted login
            $sql="Select * from SL_member Where M_login='".$M_login."'";

            $result = mysqli_query($conn, $sql);
            $row = mysqli_fetch_assoc($result);
            if (mysqli_num_rows($result) > 0) {

                box("用户名已被占用!","back","error");
            }else{
                // New member row; the submitted values are concatenated into the SQL string
                mysqli_query($conn,"insert into SL_member(M_login,M_pwd,M_email,M_fen,M_pic,M_regtime,M_from,M_need) values('".$M_login."','".strtoupper(md5($M_pwd))."','".$M_email."',0,'member.jpg','".date('Y-m-d H:i:s')."',".$_COOKIE["uid"].",'".$M_need."')");
```
We can see the parameters are validated by the function IsValidStr, so we cannot use some special characters. But when the database meets %c2, it will be identified as an invalid character, and it also fits the rule of the function IsValidStr.

Thus, we can register another test.

Finally, register another account test%c2|123456.
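A hardened form of the registration check quoted in the report above, as an added example that is not part of the original issue or of S-CMS. The function names, the allow-list pattern, the shortened column list and a UNIQUE index on `SL_member.M_login` are assumptions; it also assumes the mbstring extension is loaded.

```php
<?php
// Added example, not S-CMS code. Function names, the allow-list pattern and the
// UNIQUE index on SL_member.M_login are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors become exceptions

// Return the login if it is safe to use as an identity, otherwise null.
function canonical_login(string $raw): ?string
{
    // Reject bytes that are not well-formed UTF-8 (e.g. a trailing lone 0xC2),
    // so the value validated here is byte-for-byte the value sent to the database.
    // This check still matters if the allow-list below is ever widened to Unicode.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return null;
    }
    // Allow-list of permitted characters instead of a deny-list of "sensitive" ones.
    return preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $raw) === 1 ? $raw : null;
}

// Insert a member; returns false when the login is invalid or already taken.
// Column list shortened for the example; $pwdHash is hashed by the caller.
function register_member(mysqli $conn, string $rawLogin, string $pwdHash, string $email): bool
{
    $login = canonical_login($rawLogin);
    if ($login === null) {
        return false;
    }
    // Bound parameters: no submitted value is concatenated into the SQL text.
    $stmt = $conn->prepare('INSERT INTO SL_member (M_login, M_pwd, M_email) VALUES (?, ?, ?)');
    $stmt->bind_param('sss', $login, $pwdHash, $email);
    try {
        // No separate SELECT: the UNIQUE index decides, using the value as stored.
        return $stmt->execute();
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === 1062) { // ER_DUP_ENTRY: login already registered
            return false;
        }
        throw $e;
    }
}

// Constructed inputs: the two logins from the report, plus one ordinary name.
foreach (["test", "test\xC2", "alice_01"] as $candidate) {
    $verdict = canonical_login($candidate) === null ? 'rejected' : 'accepted';
    printf("%-18s => %s\n", bin2hex($candidate), $verdict);
}
```

Run from the command line, the loop exercises only `canonical_login`; `register_member` needs a live `mysqli` connection.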

@attritionorg

@ParadiseCong member_reg.php doesn't appear to be a file in this repo. Can you verify you filed this against the right S-CMS?

@Venan24
Owner

Venan24 commented Mar 4, 2019

This is not the right repository. This repo does not have those issues or the files you are referring to.

@Venan24 Venan24 closed this as completed Mar 4, 2019