
10.06.2008, 14:54
Код:
// Listing-page fragment: reads sorting, paging and group-filter parameters from
// the query string and builds two SQL statements by string interpolation.
// NOTE(review): nothing in this fragment validates or escapes the $_GET values
// before they reach the SQL text at the bottom. query(), $dbtable1 and $setting
// are defined outside the visible code.

// Raw copies of the request parameters; both stay unset when the parameter is absent.
if (isset($_GET["direction"])) {
$direction = $_GET["direction"];
}
if (isset($_GET["page"])) {
$page = $_GET["page"];
}
// Choose the ORDER BY expression.
if (!isset($_GET["sort"])) {
$version_direction = "void";
$sort = "server_name";
} else if ($_GET["sort"] == 'server_version') {
$version_direction = "server_version";
// $direction is interpolated here before the "asc" default further down is
// applied, so in the visible code it may still be unset at this point.
$sort = "server_version_major ".$direction.", server_version_minor ".$direction.", server_version_release ".$direction.", server_version_build";
} else {
$version_direction = "void";
// NOTE(review): any other "sort" value is taken verbatim and later placed in
// ORDER BY outside quotes. Quote escaping does not constrain an identifier
// position; the fix is to map the parameter onto a fixed allow-list of
// column names and reject everything else.
$sort = $_GET["sort"];
}
// Choose the WHERE clause from the "showgroup" filter.
if ((!isset($_GET["showgroup"])) or ($_GET["showgroup"] == 'all')) {
$showgroup = "all";
$group = "WHERE 1";
} else if ($_GET["showgroup"] == 'Private') {
// NOTE(review): $showgroup is not assigned on this path in the visible code;
// presumably it is set elsewhere (e.g. register_globals or the template) - confirm.
$group = "WHERE server_ispname='$showgroup' OR server_ispname=''";
} else if ($_GET["showgroup"] != 'Private') {
// NOTE(review): the request value goes into a quoted SQL string with no escaping
// in this code. The value belongs in a bound parameter of a prepared statement;
// magic_quotes is a server setting (removed in PHP 5.4), not a defence in the code.
$group = "WHERE server_ispname='$_GET[showgroup]'";
}
// The template is included mid-script; it may read the variables set above
// (not visible here), so the statement order matters.
include("tpl_listing_top.php");
if (isset($_GET["direction"])) {
$pagedirection = $_GET["direction"];
}
// Defaults for a missing or empty direction / page.
if (empty($pagedirection)) {
$pagedirection = "asc";
}
if (empty($direction)) {
$direction = "asc";
}
// NOTE(review): a non-empty $direction is never checked against "asc"/"desc";
// it should be compared with exactly those two values and replaced by the
// default otherwise.
if (empty($page)) {
$page = 1;
$pagestart = $page -1;
} else {
// $pagestart is the result of arithmetic on $page, so a number rather than the
// raw request string reaches LIMIT; an explicit integer cast and a lower bound
// would make that intent visible.
$pagestart = (($page -1) * $setting["perpage"]);
}
// First query: fetches every matching row only to count them.
$serverquery = query("SELECT * FROM $dbtable1 $group");
$servercount = number_format(mysql_num_rows($serverquery));
// Second query: $group, $sort and $direction are concatenated into the statement
// as built above. The mysql_* API used here was removed in PHP 7; PDO or mysqli
// prepared statements cover the value in $group, while the ORDER BY column and
// direction need the allow-list checks noted above because identifiers and
// keywords cannot be bound as parameters.
$request = query("SELECT * FROM $dbtable1 $group order by $sort $direction, server_name LIMIT $pagestart,$setting[perpage]");
Собственно, инъекция либо в $sort, либо в $direction: оба значения подставляются в ORDER BY без кавычек.
Инъекцию в $_GET[showgroup] не рассматриваем, так как на искомом серваке включено magic_quotes.