Open
Description
Vulnerability file: /coreframe/app/coupon/admin/copyfrom.php:22
public function listing() {
$siteid = get_cookie('siteid');
$page = isset($GLOBALS['page']) ? intval($GLOBALS['page']) : 1;
$page = max($page,1);
if(isset($GLOBALS['keywords'])) {
$keywords = $GLOBALS['keywords'];
$where = "name LIKE '%$keywords%'";
} else {
$where = '';
}
$result = $this->db->get_list('copyfrom', $where, '*', 0, 20,$page);
$pages = $this->db->pages;
$total = $this->db->number;
include $this->template('copyfrom_listing');
}
Payload:
http://127.0.0.1/index.php?m=promote&f=index&v=search&_su=wuzhicms

&fieldtype=place&keywords=1111%'*%23
Metadata
Metadata
Assignees
Labels
No labels