PHPDISK vulnerability released: PHPDISK header bypass & getShell exp - Vulnerability Warning - Black Bar Safety Net

ID MYHACK58:62201234196
Type myhack58
Reporter Anonymous
Modified 2012-06-28T00:00:00


Author: Yaseng Team: CodePlay

1: Code auditing

PHPDISK is a network disk (file storage management) system built on PHP and MySQL that is widely used in China. While analyzing its source code, the author found something very interesting.

Figure 1 (clip_image002)

Figure 1 shows index.php under the install directory, the program's installation file. The opening code looks normal: when the system is installed, a lock file is generated, and when the installer is run again the file is checked. Here the check only sends a header() redirect and has no exit. In PHP, however, the code after a header() redirect still goes on to execute, so data can be POSTed directly to the script. Let's keep looking at this file.
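The guard pattern described above, next to a corrected form, as an added example that is not PHPDISK source code. The lock-file path, the function names and the step list are assumptions made for illustration.

```php
<?php
// Added example, not PHPDISK code. LOCK_FILE, the function names and the
// step names below are hypothetical.

const LOCK_FILE = __DIR__ . '/install.lock';   // assumed lock-file location

// Pattern described in the text: redirect when already installed, no exit.
// header() only queues a "Location:" response header. PHP keeps executing,
// so everything after the guard still runs and its output is sent along
// with the 302 to any client that does not follow the redirect.
function guard_without_exit(): void
{
    if (file_exists(LOCK_FILE)) {
        header('Location: ../index.php');
    }
}

// Corrected guard: end the request immediately after queuing the redirect.
function guard_with_exit(): void
{
    if (file_exists(LOCK_FILE)) {
        header('Location: ../index.php', true, 302);
        exit;
    }
}

guard_with_exit();

// Reached only when no lock file exists. Request parameters are
// client-controlled, so accept only known step values.
$allowedSteps = ['check', 'database', 'finish'];
$step = $_POST['step'] ?? 'check';
if (!in_array($step, $allowedSteps, true)) {
    http_response_code(400);
    exit('invalid step');
}
echo "running installer step: {$step}\n";
```

With the lock file present, the corrected script answers a POST with a 302 and an empty body, while the guard without exit returns the 302 together with the installer's output. Removing or blocking the install directory after setup closes the path regardless of the guard.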

Figure 2 (clip_image004)

The entire installation process is driven by $step, and $step can in turn be controlled via POST. Looking further for something that can be used:

$str = "<?php".LF.LF;
$str .= "// This is PHPDISK auto-generated file. Do NOT modify me.".LF.LF;
