PHPMyWind CMS v4.6.3 Beta 0day vulnerability warning - the black bar safety net


BUG-1: permission bypass

File location: goodsshow.php

Problem code:

    // Do not allow visitors to place an order without logging in; redirect to login
    if(empty($_COOKIE['username'])) // just a simple check of whether it is empty
    {
        header('location:member.php?c=login');
        exit();
    }

Brief description: username is read from the cookie, so as long as we make it non-empty, registration can be skipped and an order placed directly as a visitor.

Exploitation: use a Firefox cookie plug-in to add a username cookie yourself and assign it a value.

BUG-2: unauthorized access

File location: /data/alipay/index.php

Description: appending the path above to the site's domain name gives direct access to the PayPal instant account transaction interface (the fast track).

The code below is part of the backend upload code:

    // Forcibly define some file types that are prohibited from upload
    if(in_array($tempfile_ext, explode('|', 'php|pl|cgi|asp|aspx|jsp|php3|shtm|shtml')))
    {
        return 'Your uploaded file type is: ['.$tempfile_ext.'], this type of file is not allowed to be uploaded from the backend!';
    }

The above is a forced restriction on upload file types. This is obviously a problem: if you can get into the backend, taking a shell goes smoothly, because the above is a blacklist, not a whitelist. There are many suffixes that can still be uploaded!

I will not look at the rest. It is very late, off to sleep!

2013-05-28 1:47:39

PS: I have not done any auditing for a long time, so this is not written very well; experts, please do not blame me!
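The blacklist upload check discussed above, set beside an allowlist version, as an added example that is not PHPMyWind's code or the author's. The function names, the allowed-extension list and the sample file names are assumptions constructed for illustration.

```php
<?php
// Added example: blacklist check from the page vs. an allowlist check.
// Not PHPMyWind code; names and the allowlist contents are assumptions.

// The page's logic wrapped in a function: only listed extensions are refused,
// so any extension the list does not name is accepted.
function blacklist_allows(string $ext): bool
{
    return !in_array($ext, explode('|', 'php|pl|cgi|asp|aspx|jsp|php3|shtm|shtml'));
}

// Allowlist (assumed): only the types the site actually needs.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];

// Returns a server-generated file name for an accepted upload, or null to refuse.
function safe_stored_name(string $clientName): ?string
{
    // basename() drops any directory part sent by the client;
    // the extension is normalised to lower case before comparison.
    $ext = strtolower(pathinfo(basename($clientName), PATHINFO_EXTENSION));

    // Strict comparison: unknown or missing extensions are refused by default.
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }

    // The client-supplied name is never used on disk; only the vetted
    // extension is kept, attached to a random name.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names (not taken from the page).
$samples = ['photo.jpg', 'REPORT.PDF', 'notes.xyz', 'noextension'];

foreach ($samples as $name) {
    $ext = pathinfo($name, PATHINFO_EXTENSION);
    printf(
        "%-12s blacklist=%-6s allowlist=%s\n",
        $name,
        blacklist_allows($ext) ? 'accept' : 'reject',
        safe_stored_name($name) === null ? 'reject' : 'accept'
    );
}
```

The extension check is only one layer: storing uploads outside the web root, or in a directory where the server will not execute scripts, limits the damage if a check is ever wrong.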