任意网址跳转漏洞,指到oxoxoxoxoxoxox.com, 求解决!
2016-07-07 14:55 来源:www.chinab4c.com 作者:ecshop专家
任意网址跳转漏洞http://网址/affiche.php?ad_id=50&uri=oxoxoxoxoxoxox.com 以下是:affiche.php代码,希望有好心人给个详细点的解决办法! 感激不尽! <?php /** * ECSHOP 广告处理文件 * ============================================================================ * * 版权所有 2005-2012 上海商派网络科技有限公司,并保留所有权利。 * 网站地址: http://www.ecshop.com; * ---------------------------------------------------------------------------- * 这不是一个自由软件!您只能在不用于商业目的的前提下对程序代码进行修改和 * 使用;不允许对程序代码以任何形式任何目的的再发布。 * ============================================================================ * $Author: liubo $ * $Id: affiche.php 17217 2011-01-19 06:29:08Z liubo $ */ define('IN_ECS', true); define('INIT_NO_SMARTY', true); require(dirname(__FILE__) . '/includes/init.php'); /* 没有指定广告的id及跳转地址 */ if (empty($_GET['ad_id'])) { ecs_header("Location: index.php\n"); exit; } else { $ad_id = intval($_GET['ad_id']); } /* act 操作项的初始化*/ $_GET['act'] = !empty($_GET['act']) ? trim($_GET['act']) : ''; if ($_GET['act'] == 'js') { /* 编码转换 */ if (empty($_GET['charset'])) { $_GET['charset'] = 'UTF8'; } header('Content-type: application/x-javascript; charset=' . ($_GET['charset'] == 'UTF8' ? 'utf-8' : $_GET['charset'])); $url = $ecs->url(); $str = ""; /* 取得广告的信息 */ $sql = 'SELECT ad.ad_id, ad.ad_name, ad.ad_link, ad.ad_code '. 'FROM ' . $ecs->table('ad') . ' AS ad ' . 'LEFT JOIN ' . $ecs->table('ad_position') . ' AS p ON ad.position_id = p.position_id '. "WHERE ad.ad_id = '$ad_id' and " . gmtime() . " >= ad.start_time and " . gmtime() . "<= ad.end_time"; $ad_info = $db->getRow($sql); if (!empty($ad_info)) { /* 转换编码 */ if ($_GET['charset'] != 'UTF8') { $ad_info['ad_name'] = ecs_iconv('UTF8', $_GET['charset'], $ad_info['ad_name']); $ad_info['ad_code'] = ecs_iconv('UTF8', $_GET['charset'], $ad_info['ad_code']); } /* 初始化广告的类型和来源 */ $_GET['type'] = !empty($_GET['type']) ? intval($_GET['type']) : 0; $_GET['from'] = !empty($_GET['from']) ? urlencode($_GET['from']) : ''; $str = ''; switch ($_GET['type']) { case '0': /* 图片广告 */ $src = (strpos($ad_info['ad_code'], 'http://') === false && strpos($ad_info['ad_code'], 'https://') === false) ? $url . DATA_DIR . "/afficheimg/$ad_info[ad_code]" : $ad_info['ad_code']; $str = '<a href="' .$url. 'affiche.php?ad_id=' .$ad_info['ad_id']. '&from=' .$_GET['from']. '&uri=' .urlencode($ad_info['ad_link']). '" target="_blank">' . '<img src="' . $src . '" border="0" alt="' . $ad_info['ad_name'] . '" /></a>'; break; case '1': /* Falsh广告 */ $src = (strpos($ad_info['ad_code'], 'http://') === false && strpos($ad_info['ad_code'], 'https://') === false) ? $url . DATA_DIR . '/afficheimg/' . $ad_info['ad_code'] : $ad_info['ad_code']; $str = '<object classid="clsid27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0"> <param name="movie" value="'.$src.'"><param name="quality" value="high"><embed src="'.$src.'" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash"></embed></object>'; break; case '2': /* 代码广告 */ $str = $ad_info['ad_code']; break; case 3: /* 文字广告 */ $str = '<a href="' .$url. 'affiche.php?ad_id=' .$ad_info['ad_id']. '&from=' .$_GET['from']. '&uri=' .urlencode($ad_info['ad_link']). '" target="_blank">' . nl2br(htmlspecialchars(addslashes($ad_info['ad_code']))). '</a>'; break; } } echo "document.writeln('$str');"; } else { /* 获取投放站点的名称 */ $site_name = !empty($_GET['from']) ? $_GET['from'] : addslashes($_LANG['self_site']); /* 商品的ID */ $goods_id = !empty($_GET['goods_id']) ? intval($_GET['goods_id']) : 0; /* 存入SESSION中,购物后一起存到订单数据表里 */ $_SESSION['from_ad'] = $ad_id; $_SESSION['referer'] = stripslashes($site_name); /* 如果是商品的站外JS */ if ($ad_id == '-1') { $sql = "SELECT count(*) FROM " . $ecs->table('adsense') . " WHERE from_ad = '-1' AND referer = '" . $site_name . "'"; if($db->getOne($sql) > 0) { $sql = "UPDATE " . $ecs->table('adsense') . " SET clicks = clicks + 1 WHERE from_ad = '-1' AND referer = '" . $site_name . "'"; } else { $sql = "INSERT INTO " . $ecs->table('adsense') . "(from_ad, referer, clicks) VALUES ('-1', '" . $site_name . "', '1')"; } $db->query($sql); //$db->autoReplace($ecs->table('adsense'), array('from_ad' => -1, 'referer' => $site_name, 'clicks' => 1), array('clicks' => 1)); $sql = "SELECT goods_name FROM " .$ecs->table('goods'). " WHERE goods_id = $goods_id"; $res = $db->query($sql); $row = $db->fetchRow($res); $uri = build_uri('goods', array('gid' => $goods_id), $row['goods_name']); ecs_header("Location: $uri\n"); exit; } else { /* 更新站内广告的点击次数 */ $db->query('UPDATE ' . $ecs->table('ad') . " SET click_count = click_count + 1 WHERE ad_id = '$ad_id'"); $sql = "SELECT count(*) FROM " . $ecs->table('adsense') . " WHERE from_ad = '" . $ad_id . "' AND referer = '" . $site_name . "'"; if($db->getOne($sql) > 0) { $sql = "UPDATE " . $ecs->table('adsense') . " SET clicks = clicks + 1 WHERE from_ad = '" . $ad_id . "' AND referer = '" . $site_name . "'"; } else { $sql = "INSERT INTO " . $ecs->table('adsense') . "(from_ad, referer, clicks) VALUES ('" . $ad_id . "', '" . $site_name . "', '1')"; } $db->query($sql); /* 跳转到广告的链接页面 */ if (!empty($_GET['uri'])) { $uri = (strpos($_GET['uri'], 'http://') === false && strpos($_GET['uri'], 'https://') === false) ? $ecs->http() . urldecode($_GET['uri']) : urldecode($_GET['uri']); } else { $uri = $ecs->url(); } ecs_header("Location: $uri\n"); exit; } } ?> |
回答:
顶上去哦, 多谢了 |
没有解决办法吗?朋友们! |
这个很简单啊,自己加一个判断是不是本站的地址就可以了 |
这个很简单啊,自己加一个判断是不是本站的地址就可以了 |
我是菜鸟哦, 我还要努力学习呢!可以详细点吗? 具体要怎么加呢?多谢大侠了。 |
下载解压,覆盖到根目录就行了 |
最新的解决办法见 彻底解决ecshop任意网址跳转漏洞 http://bbs.ecshop.com/thread-1131128-1-1.html |
这个不错,解决了 |
最近更新
常用插件
- ecshop商品分类名称增加样
ecshop插件介绍:本插件可以方便在后台管理,为ecshop商品分类名称增加样...
- ecshop2.7.1打印发货单插件
ecshop2.7.1打印发货单插件介绍:ecshop2.7.1和以前的ecshop版本不一样,ecs...
- ecshop二次商品订购人信息
ecshop二次商品订购人信息填写插件,有时候给朋友送花,或者是送礼品的...
- ecshop分类批量扩展插件
ecshop分类批量扩展插件,这个插件是ecshop插件里面比较核心的插件。我们...
- ecshop二次开发详细页面生
插件介绍: ECSHOP系统,在很多时候,很多商品没有人购买,不但购买的人...
ecshop热门问答
ecshop热门资料
ecshop重复性
ecshop中国
ecshop挂马
ecshop会员等级价格
ecshopverified
ecshop特价商品
ecshop转播
ecshop间隔
ecshop阿帕奇
ecshop解决方法
ecshopGmail
xslecshop
ecshop商品总数
ecshop太原
ecshop戴志康
ecshop过长
ecshop瑞星
ecshopmysqld
ecshop善心
ecshopbluesky
ecshop如何去掉
是不是ecshop不稳定啊
ecshop搜索引擎
ecshop商品库存数量
ecshop肯德基宅急送
ecshop祝贺
ecshop配货
ecshop图片错误
ecshopabsolute
ecsho链接