iwebsns 1.0 arbitrary file deletion && 2 injection points - vulnerability warning - the black bar safety net

2013-08-25T00:00:00
ID MYHACK58:62201340292
Type myhack58
Reporter 残花败柳
Modified 2013-08-25T00:00:00

Description

action\users\user_ico_cut_save.action.php

| 1 | <? php ---|---

// Pull in the shared module helper files.
require("foundation/module_users.php");
require("foundation/aintegral.php");
require("foundation/fcontent_format.php");
require("api/base_support.php");
// Language pack for the users module.
$u_langpackage=new userslp;
// Database setup.
dbtarget('w',$dbServs); // NOTE(review): 'w' presumably selects the write connection; confirm
$dbo=new dbex();
// Reporter's marker ("here here"): $photo_url is read from the request argument
// 'pic' and only passes through short_check(); what short_check() filters is not
// shown in this listing. Further down, the same value is handed to unlink() after
// nothing more than an unanchored preg_match() substring test, so the caller
// influences which file gets deleted.
// NOTE(review): a safe version would resolve the path and confirm it lies inside
// the temporary photo directory (and belongs to the session user) before deleting.
$photo_url=short_check(get_argg('pic'));
$user_id=get_sess_userid(); // user ID (from the session, judging by the helper's name)
$user_name=get_sess_username(); // user name (from the session, judging by the helper's name)
// Second request-supplied value, passed through long_check(); how it is used is
// not visible in this part of the listing.
$ico_url=long_check(get_argp('u_ico_url'));

1 6 | look down ---|---

1 7 | ; ---|---

1 8 | ; ---|---

1 9 | ; ---|---

2 0 | ---|---

2 1 | if(preg_match("/brought you\/photo_store/",$photo_url)){ ---|---

2 2 | unlink($photo_url);//delete the temporary image file // you know ---|---
