DataLife Engine 9.7 (preview.php) PHP code injection-vulnerability warning-the black bar safety net

2013-01-30T00:00:00
ID MYHACK58:62201337042
Type myhack58
Reporter 佚名
Modified 2013-01-30T00:00:00

Description

Title: DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability

Software connected: http://dleviet.com/

Affected version: 9.7

Defect summary

In /engine/preview.php script:

2 4 6. $c_list = implode (',', $_REQUEST['catlist']);

2 4 7.

2 4 8. if( strpos( $tpl->copy_template, "[catlist=" ) !== false ) {

2 4 9. $tpl->copy_template = preg_replace (" #\\[catlist=(.+?)\\] (.*?)\\ [/catlist\\]#ies", "check_category('\\1', '\\2', '{$c_list}')", $tpl->copy_template );

2 5 0. }

2 5 1.

2 5 2. if( strpos( $tpl->copy_template, "[not-catlist=" ) !== false ) {

2 5 3. $tpl->copy_template = preg_replace (" #\\[not-catlist=(.+?)\\] (.*?)\\ [/not-catlist\\]#ies", "check_category('\\1', '\\2', '{$c_list}', false)", $tpl->copy_template );

[1] [2] next