One page lacks error handling, which discloses the site's absolute path (path disclosure), and insufficient filtering lets a malicious attacker delete arbitrary files on the website.
Definition in corpandresize/config.inc.php:
$tmp = $_COOKIE['tmp'];
corpandresize/process.php then uses TMP_PATH. The series of conditions that precede the call are easy to satisfy and are all user-controllable:
@unlink(TMP_PATH.'/'.$thumbfile);
$_COOKIE['tmp'] goes into unlink() without any check, so modifying the cookie is enough to delete any file on the website.
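The check that is missing before unlink(), as an added example (not the application's own code). It assumes the temp directory is a fixed server-side path instead of a cookie value and that only a thumbnail file name comes from the request; safe_unlink_tmp() and the demo paths are hypothetical.

```php
<?php
// Added example: hardened replacement for the unlink() call discussed above.
// safe_unlink_tmp() and the directory layout are hypothetical, not project code.

/**
 * Delete $name only if it resolves to a regular file directly inside $tmpDir.
 * Returns true when a file was deleted, false when the request was rejected.
 */
function safe_unlink_tmp(string $tmpDir, string $name): bool
{
    // Reject empty names and NUL bytes (older PHP versions truncated paths at a NUL).
    if ($name === '' || strpos($name, "\0") !== false) {
        return false;
    }
    // A bare file name only: anything with a directory component is refused.
    if ($name !== basename($name)) {
        return false;
    }
    // Allow-list the characters and extensions a generated thumbnail may have.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.(jpe?g|png|gif)\z/', $name)) {
        return false;
    }
    // Canonicalise both sides; the target (symlinks resolved) must sit in the temp dir.
    $base = realpath($tmpDir);
    $target = realpath($tmpDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $target === false || dirname($target) !== $base) {
        return false;
    }
    return is_file($target) && unlink($target); // no @, so failures reach the error log
}

// Constructed demo: a temp dir with one thumbnail, next to a file that must survive.
$root = sys_get_temp_dir() . '/demo_' . bin2hex(random_bytes(4));
mkdir("$root/tmp", 0700, true);
file_put_contents("$root/index.php", '<?php // home page');
file_put_contents("$root/tmp/thumb_1.jpg", 'x');

foreach (["../index.php\0", '../index.php', 'thumb_1.jpg'] as $requested) {
    $ok = safe_unlink_tmp("$root/tmp", $requested);
    printf("%-24s => %s\n", json_encode($requested), $ok ? 'deleted' : 'rejected');
}
var_dump(file_exists("$root/index.php")); // check the file outside tmp/ afterwards
```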
A quick Google search turned up that someone had disclosed online, in May, a path disclosure problem caused by another file in the same directory (http://lcx.cc/?FoxNews=123.html), but the analysis was not detailed enough and the method of use was also slightly troublesome; the way given here is simpler.
Access as a logged-in registered user.
This discloses the absolute path, which is useful when collecting information but otherwise has no use.
Adding tmp=../index.php%00 to the cookies, or changing the original value to it, deletes the home page file.
During testing, the official demo site turned out not to be exploitable... However, a local test with the latest official installation package works, and in tests against large sites on the Internet it succeeded every time~
First published: CnCxzSec(failure Aberdeen)