zcncms 1.2.8 code audit summary: file inclusion vulnerability and remediation

2012-10-20T00:00:00
ID MYHACK58:62201235238
Type myhack58
Reporter Anonymous
Modified 2012-10-20T00:00:00

Description

Introduction:

zcncms is a PHP-based content management system developed by Webmaster China. It provides content editing, keyword management, advertising management and link management modules and models. The program design is very concise and focuses on the needs of secondary development: new models and features, such as graphic, product and other models, can easily be added on top of the original system. The program was newly developed over one year by a team with 5 years of technical experience, building on the team's accumulated original code. It fits the requirements of existing websites, is built around SEO optimization, and supports pseudo-static URLs and other practical SEO functions.

Tool used in this article: Seay PHP code auditing tool 2.0.6, download address http://www.cnseay.com/archives/1115

Then look at the file structure:

[Figure: file structure]

We first scan the whole code base once with the tool, then check the files one by one.

File inclusion vulnerability

See the figure: [Figure: scan result in the auditing tool]

The tool reports the vulnerable file: include\template.inc.php

See the code:

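<?php

//Common part
ob_start();

if ($tpl_in_module == 0) {
    // Template path is the WEB_TPL prefix plus $templatefile
    include(WEB_TPL . $templatefile);
} elseif ($tpl_in_module == 1) {
    // $templatefile is included as-is, with no prefix
    include($templatefile);
}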
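An added example, not part of the original article and not the zcncms fix: one way to constrain the value passed to include() in the snippet above, assuming $templatefile can be influenced by request input (the excerpt does not show where it is set). resolve_template() and the demo directory are hypothetical; in the snippet above, WEB_TPL (or the module's own template directory) would be passed as the base directory.

```php
<?php
// Added example: hypothetical helper, not zcncms code.
// Assumption: templates live under one base directory and end in ".php".

/** Resolve a template name to a real path inside $baseDir, or return null. */
function resolve_template(string $baseDir, string $name): ?string
{
    // Allow only simple relative names: no NUL, no "..", no scheme, no backslash.
    if ($name === '' || strpos($name, "\0") !== false) {
        return null;
    }
    if (!preg_match('#^[A-Za-z0-9_\-]+(?:/[A-Za-z0-9_\-]+)*\.php$#', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null; // base directory or template file does not exist
    }
    // Containment check after symlinks and relative parts are resolved.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// Self-contained demo on a constructed directory tree (sample data only).
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . getmypid();
mkdir($root . '/tpl/default', 0700, true);
file_put_contents($root . '/tpl/default/index.php', '<?php echo "index template\n";');
file_put_contents($root . '/secret.php', '<?php echo "outside template dir\n";');

$candidates = [
    'default/index.php',            // inside the template directory
    '../secret.php',                // parent-directory reference
    'default/../../secret.php',     // traversal hidden behind a valid prefix
    'http://example.invalid/x.php', // URL wrapper
    'default/missing.php',          // well-formed name, file absent
];
foreach ($candidates as $name) {
    $path = resolve_template($root . '/tpl', $name);
    printf("%-30s => %s\n", $name, $path === null ? 'rejected' : 'include ' . $path);
}
```

Only the first candidate resolves to a path; a caller would run include() on the returned path and refuse the request when the helper returns null.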
