Program code is written in stranger and stranger ways these days. PHP gives you two ways to pull in a file that contains code: require and include.
First, the difference: when require hits an error, it terminates the script; when include hits an error, execution continues.
Suppose a website's admin user check is written in auth.php, and auth.php is maliciously deleted. If the code uses require, there is no vulnerability.
If it uses include, there is a vulnerability. Why? Because include keeps executing after it encounters an error, so the user and password are empty and the visitor gets into the admin back end.
Now suppose the link a site uses to view a bulletin has the form index.php?act=view&file=gonggao.php
And the code is
At first glance nothing looks wrong, but a closer look reveals the problem:
$file creates a file inclusion vulnerability.
If this site supports avatar uploads or file uploads, then with this vulnerability an attacker can get a webshell on the website.
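One way to handle the file parameter safely, as an added example that is not the code from the original page: the request value is used only as a key into a fixed allowlist, so an uploaded avatar or any other path can never reach the loader. The directory name, the allowlist, and the function resolve_bulletin are assumptions made for illustration; it needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical layout: bulletins live in ./bulletins next to index.php.
const BULLETIN_DIR = __DIR__ . '/bulletins';

// Hypothetical allowlist: request value => file on disk.
const BULLETINS = [
    'gonggao.php' => 'gonggao.php',
];

/**
 * Map the user-supplied "file" value to a path that is safe to load,
 * or return null. The request value is never concatenated into a path.
 */
function resolve_bulletin(mixed $file): ?string
{
    if (!is_string($file) || !array_key_exists($file, BULLETINS)) {
        return null;
    }
    $base = realpath(BULLETIN_DIR);
    $path = realpath(BULLETIN_DIR . '/' . BULLETINS[$file]);
    // Defence in depth: the resolved path must stay inside BULLETIN_DIR
    // (catches a symlink or a bad allowlist entry).
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

// Weak pattern of the kind the text describes (comment only, assumed form):
//   include $_GET['file'];
if (($_GET['act'] ?? '') === 'view') {
    $path = resolve_bulletin($_GET['file'] ?? null);
    if ($path === null) {
        http_response_code(404);
        exit('Unknown bulletin');
    }
    // require, not include: a missing file stops the script here
    // instead of letting execution continue.
    require $path;
}
```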