menu arrow_back 湛蓝安全空间 |狂野湛蓝,暴躁每天 chevron_right ... chevron_right 085-MKCMS chevron_right 005-MKCMS v6.2 _ucenter_reg.php前台sql注入漏洞.md
  • home 首页
  • brightness_4 暗黑模式
    • cloud
    xLIYhHS7e34ez7Ma
    cloud
    湛蓝安全
    code
    Github
    005-MKCMS v6.2 _ucenter_reg.php前台sql注入漏洞.md
    467 B / 2021-07-17 00:01:22
        # MKCMS v6.2 /ucenter/reg.php前台sql注入漏洞

### 一、漏洞简介

### 二、漏洞影响

MKCMS v6.2

### 三、复现过程

/ucenter/reg.php的name参数,存在注入


```php
/ucenter/reg.php
<?php 
...
if(isset($_POST['submit'])){
$username = stripslashes(trim($_POST['name']));
// 检测用户名是否存在
$query = mysql_query("select u_id from mkcms_user where u_name='$username'");
  ...
```

**参考链接**

https://xz.aliyun.com/t/7580#toc-4
    links
    file_download