PHP vulnerability digging: detailed analysis - vulnerability warning - the black bar safety net

2012-06-26T00:00:00
ID MYHACK58:62201234184
Type myhack58
Reporter Anonymous
Modified 2012-06-26T00:00:00

Description

Below: West Poison

I researched a CMS for 3 days and did not dig up anything that could be used directly as a vulnerability; what I found is of fairly little value, which may be because my own level is too low. But I have recorded the whole vulnerability-digging process for your reference. If there is something wrong, or if you have any good suggestions, please join QQ Group 62512676 to discuss and learn together.

0x1

I had just downloaded this CMS from a webmasters network, so I set it up to look at the code.

This is the latest version. I don't know whether any predecessors have dug through it, so I got started.

First, I started reading the code from the home page.

Open the few files that it includes, then look inside those included files for the places where they include further files.

First, it defines some constants, so there is no need to worry about these. Next come the includes, and the first file included is common.inc.php.

Let's look at common.inc.php.

I'll skip the other, unimportant code and analyze the key code locations.
