PHPWeb finished website supermarket: latest injection vulnerability exposed

ID MYHACK58:62201234460
Type myhack58
Reporter Anonymous
Modified 2012-07-28T00:00:00


This morning I was browsing dark clouds and saw that a Western Digital substation had a proven injection, so I followed it for a bit.


Then in the afternoon, unexpectedly, it was disclosed. On a look, it turned out to be the phpweb finished website supermarket.

Western Digital said it was a third party's problem and ignored it, which is a pain. You ignored it, so I thought: since you at Western Digital have it, other sites should have it too. So, being evil, I tested the phpweb website, and it is there.


Since there is no fix, I am sending it out. Maybe a lot of experts have had it all along without publishing it, playing with it internally among themselves.

I looked on Baidu: in 2010 an injection was disclosed, and it looks like it was fixed.


Injection address: down/class/index.php?myord=1

Background address: admin.php

Method for getting a shell from the background:

Please look at it. http://cache.baidu.com/c?m=9f65cb4a8c8507ed4fece763104687270e54f7336284814c2f87d15f93130601127bb7e667654f13d3b23e3d43b84828b5ad6065367564eccc8dce109decc17e388823722b4a914064d319a5c852609c60c655abf55ba2eda02592dec5a2a94327c044737d9780fc4d0164dd1ffb034792b1e84a022866adec40728e2d6059983431c05089e1256f779686ae4b38c23da11006e4a522b14e4be245ff59&p=8b2a9641ca8508ff57ee957c11478e0a&user=baidu&fm=sc&query=PHPWEB%CD%F8%D5%BE%B9%DC%C0%ED%CF%B5%CD%B3%BA%F3%CC%A8Kedit&qid=83f66f3b1ea5a9ec&p1=1

Or here: http://madman.in/madman4/264.htm

Keywords: inurl:down/class/index.php?myord=

Thanks to data stream for the ideas, which is how this vulnerability came about.
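
A defender-side check for the request pattern named in this post, as an added example that is not part of the original post: it scans web server access logs for requests to `down/class/index.php` whose `myord` value is not a plain integer. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script path and parameter named in the post above.
TARGET_SUFFIX = "/down/class/index.php"
PARAM = "myord"

# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_myord(uri):
    """Return the decoded myord values in uri that are not plain integers."""
    parts = urlsplit(uri)
    if not parts.path.lower().endswith(TARGET_SUFFIX):
        return []
    values = [v for k, v in parse_qsl(parts.query, keep_blank_values=True)
              if k.lower() == PARAM]
    return [v for v in values if not re.fullmatch(r"\d{1,10}", v)]


def scan(lines):
    """Return (client_ip, value) for each log line with a non-numeric myord."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        for value in suspicious_myord(m.group(1)):
            hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [28/Jul/2012:09:14:02 +0800] "GET /down/class/index.php?myord=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [28/Jul/2012:09:15:40 +0800] "GET /down/class/index.php?myord=1%27 HTTP/1.1" 200 312',
    '203.0.113.9 - - [28/Jul/2012:09:15:44 +0800] "GET /down/class/index.php?myord=1+and+1%3D1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [28/Jul/2012:09:16:10 +0800] "GET /news/class/index.php?myord=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}\tmyord={value!r}")
```

The same integer-only check, applied on the server before the value reaches a database query, is the usual mitigation for a numeric parameter like this one.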