dedecms any address jump-vulnerability warning-the black bar safety net

2011-12-17T00:00:00
ID MYHACK58:62201132613
Type myhack58
Reporter 佚名
Modified 2011-12-17T00:00:00

Description

Brief description: dedecms any address jump

Detailed description: http://www.dedecms.com/plus/download.php?open=1&link=aHR0cDovL3d3dy5iYWlkdS5jb20%3D

$link = base64_decode(urldecode($link)); http://www.badguest.cn

the link can be configured to any address, below to jump directly.

header("location:$link");

Affect all used to dedecms system website

Vulnerability to prove: http://www.dedecms.com/plus/download.php?open=1&link=aHR0cDovL3d3dy5iYWlkdS5jb20%3D

Solution: use parameters to make a judgment, not with the domain name of the jump to be prompted to

Author of the day fish