Snow Hui voting system php version upload vulnerability-vulnerability warning-the black bar safety net

2011-03-18T00:00:00
ID MYHACK58:62201129769
Type myhack58
Reporter 佚名
Modified 2011-03-18T00:00:00

Description

Snow Hui voting system not only has a PHP version, but also ASP and ASP. NET version, it seems that the comparison focus, you can add a voting topic, vote items, delete modify functions, friendly interface.

The root directory to upload file imgupload.php file code:

<? php require_once("conn.php"); header("Content-type:text/html;charset=gbk"); $tid = $_POST["tid"]; $sid = ""; $query = mysql_query("select sid from xh_title where id=".$ tid,$conn); if($row=mysql_fetch_array($query)){ $sid = $row["sid"]; } mysql_free_result($query); $uploadDir = "xh_upload/".$ sid."/".$ tid; if(! is_dir($uploadDir)){ @mkdir($uploadDir,0 7 7 7,true); } $type=array("jpg","gif","png","bmp","jpeg"); $filename=$_FILES["ImgFile"]["name"]; $fileExt=trim(substr($filename,strrpos($filename,".")+ 1)); if(! in_array(via strtolower($fileExt),$type)){ $text = implode(",",$type); mysql_close($conn); die("<script>parent. document. getElementById('error'). innerHTML='you can only upload this type of file:".$ text."'; history. back(1);</script>"); } $newFileName=$uploadDir."/". date("YmdHis").$ filename; if(move_uploaded_file($_FILES["ImgFile"]["tmp_name"],$newFileName)){ mysql_close($conn); die("<script>parent. form1. imgurl. value='".$ newFileName."'; history. back(1);</script>"); }else{ mysql_close($conn); die("<script>parent. document. getElementById('error'). innerHTML='file upload failed!'; history. back(1);</script>"); } mysql_close($conn); ?& gt;

Can be any file name using parsing vulnerability format upload.