DedeEIMS v1. 1 storm background path-vulnerability warning-the black bar safety net

2012-09-25T00:00:00
ID MYHACK58:62201235024
Type myhack58
Reporter 佚名
Modified 2012-09-25T00:00:00

Description

includedialogconfig.php

//Test user login status

$cuserLogin = new 'userLogin' ();

if($cuserLogin->getUserID()==-1)

{

if($cuserLogin->adminDir==")

{

exit('Request Error!');

}

$gurl = "../../{$cuserLogin->adminDir}/login. php? gotopage=". urlencode($dedeNowurl);

echo "";

exit();

}

http://www.xxx.com/include/dialog/config.php will automatically jump to back landing port