ID MYHACK58:62201340292
Type myhack58
Reporter 残花败柳
Modified 2013-08-25T00:00:00
Description
action\users\user_ico_cut_save.action.php
| 1 | <? php
---|---
2 | //Introduction module public method file
---|---
3 | require("foundation/module_users.php");
---|---
4 | require("foundation/aintegral.php");
---|---
5 | require("foundation/fcontent_format.php");
---|---
6 | require("api/base_support.php");
---|---
7 | //language pack primer
---|---
8 | $u_langpackage=new userslp;
---|---
9 | //database operations
---|---
1 0 | dbtarget('w',$dbServs);
---|---
1 1 | $dbo=new dbex();
---|---
1 2 | $photo_url=short_check(get_argg('pic')); //here here.
---|---
1 3 | $user_id=get_sess_userid();//user ID
---|---
1 4 | $user_name=get_sess_username();//user name
---|---
1 5 | $ico_url=long_check(get_argp('u_ico_url'));
---|---
1 6 | look down
---|---
1 7 | ;
---|---
1 8 | ;
---|---
1 9 | ;
---|---
2 0 |
---|---
2 1 | if(preg_match("/brought you\/photo_store/",$photo_url)){
---|---
2 2 | unlink($photo_url);//delete the temporary image file // you know
---|---
[1] [2] [3] next
{"type": "myhack58", "edition": 1, "title": "iwebsns1. 0 arbitrary file deletion&&2 injection-vulnerability warning-the black bar safety net", "hashmap": [{"key": "bulletinFamily", "hash": "caf9b6b99962bf5c2264824231d7a40c"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "189b2ca8d066344588401bd7b7415267"}, {"key": "href", "hash": "bd9e84e4800898fb3d7b37b9da9f08bf"}, {"key": "modified", "hash": "0e0495d05762f8cc589ff021318eeca6"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "0e0495d05762f8cc589ff021318eeca6"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "7dd461a9cabd9ac35591446483a8208b"}, {"key": "title", "hash": "33666320c0e4081b5c43ec10d5944acd"}, {"key": "type", "hash": "0665a8b0792e65b50ab13aef58a018dc"}], "references": [], "bulletinFamily": "info", "published": "2013-08-25T00:00:00", "lastseen": "2016-11-08T21:17:31", "history": [], "modified": "2013-08-25T00:00:00", "href": "http://www.myhack58.com/Article/html/3/62/2013/40292.htm", "hash": "357003ce89d0bdf3cfeb127942988602a4a5c834ca6118a6b0ea7b2ab137091a", "viewCount": 0, "objectVersion": "1.2", "reporter": "\u6b8b\u82b1\u8d25\u67f3", "cvss": {"vector": "NONE", "score": 0.0}, "enchantments": {"score": {"value": 3.5, "vector": "NONE", "modified": "2016-11-08T21:17:31"}, "dependencies": {"references": [], "modified": "2016-11-08T21:17:31"}, "vulnersScore": 3.5}, "cvelist": [], "id": "MYHACK58:62201340292", "description": "action\\users\\user_ico_cut_save.action.php\n\n| 1 | <? php \n---|--- \n\n2 | //Introduction module public method file \n---|--- \n\n3 | require(\"foundation/module_users.php\"); \n---|--- \n\n4 | require(\"foundation/aintegral.php\"); \n---|--- \n\n5 | require(\"foundation/fcontent_format.php\"); \n---|--- \n\n6 | require(\"api/base_support.php\"); \n---|--- \n\n7 | //language pack primer \n---|--- \n\n8 | $u_langpackage=new userslp; \n---|--- \n\n9 | //database operations \n---|--- \n\n1 0 | dbtarget('w',$dbServs); \n---|--- \n\n1 1 | $dbo=new dbex(); \n---|--- \n\n1 2 | $photo_url=short_check(get_argg('pic')); //here here. \n---|--- \n\n1 3 | $user_id=get_sess_userid();//user ID \n---|--- \n\n1 4 | $user_name=get_sess_username();//user name \n---|--- \n\n1 5 | $ico_url=long_check(get_argp('u_ico_url')); \n---|--- \n\n1 6 | look down \n---|--- \n\n1 7 | ; \n---|--- \n\n1 8 | ; \n---|--- \n\n1 9 | ; \n---|--- \n\n2 0 | \n---|--- \n\n2 1 | if(preg_match(\"/brought you\\/photo_store/\",$photo_url)){ \n---|--- \n\n2 2 | unlink($photo_url);//delete the temporary image file // you know \n---|--- \n\n**[1] [[2]](<40292_2.htm>) [[3]](<40292_3.htm>) [next](<40292_2.htm>)**\n"}
{}
