### Brief description:
Injection vulnerability in phpshe
### Detailed description:
```
// File: module/index/order.php
case 'cartnum':
    $money['order_productmoney'] = $money['order_wlmoney'] = $money['order_money'] = 0;
    if (pe_login('user')) {
        // $_g_product_id and $_g_product_num are not filtered here, which leads to the injection
        $result = $db->pe_update('cart',
            array('user_id'=>$_s_user_id, 'product_id'=>$_g_product_id),
            array('product_num'=>$_g_product_num));
    }
```
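A hardened form of the `cartnum` update, as an added example that is not phpshe's own code: both parameters are validated as positive integers and then bound through PDO rather than handed to the query builder as raw request values. The function names, the in-memory SQLite table and the sample rows are assumptions constructed for the demonstration (it needs the `pdo_sqlite` extension).

```php
<?php
// Added example: hypothetical hardened cart update, not phpshe's own code.
// Table and column names follow the snippet above; helper names are assumed.

// Accept only positive decimal integers; anything else (a trailing quote,
// SQL fragments, arrays, empty strings, negatives) yields null.
function cart_int($value): ?int
{
    if (!is_string($value) && !is_int($value)) {
        return null;
    }
    $n = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $n === false ? null : $n;
}

function update_cart_num(PDO $pdo, int $userId, $productId, $productNum): bool
{
    $pid = cart_int($productId);
    $num = cart_int($productNum);
    if ($pid === null || $num === null) {
        return false; // reject before touching the database
    }
    // Values are bound as parameters, never concatenated into the SQL text.
    $stmt = $pdo->prepare(
        'UPDATE cart SET product_num = :num WHERE user_id = :uid AND product_id = :pid'
    );
    $stmt->execute([':num' => $num, ':uid' => $userId, ':pid' => $pid]);
    return $stmt->rowCount() === 1;
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cart (user_id INTEGER, product_id INTEGER, product_num INTEGER)');
$pdo->exec('INSERT INTO cart VALUES (7, 1, 1), (8, 1, 1)');

var_dump(update_cart_num($pdo, 7, '1', '3'));  // well-formed request
var_dump(update_cart_num($pdo, 7, "1'", '3')); // quoted product_id as in the report's test request
```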
### Proof of vulnerability:
Test method: register an account, log in, then request:
http://127.0.0.1/she/index.php?mod=order&act=cartnum&product_id=1'
![she.png](https://images.seebug.org/upload/201401/212323377afee557832b447d619974f40b3b33a2.png)