Kingsoft Enterprise Terminal Protection Optimization System Web Console: arbitrary file deletion without login

2015-03-08T00:00:00
ID MYHACK58:62201559695
Type myhack58
Reporter xfkxfk
Modified 2015-03-08T00:00:00

Description

The Kingsoft Enterprise Terminal Protection Optimization System Web Console allows arbitrary file deletion without logging in.

Arbitrary file deletion:

File: /tools/manage/delete_tools.php

Code:

    <?php
    $id = $_POST['id'];     // taken straight from the request; no login or ownership check anywhere in this file
    $type = $_POST['type'];
    if ($type == "0") { // remove custom tools
        try {
            $xml = simplexml_load_file("online_tools.xml");
        } catch(Exception $e) {
            $xml = "";
        }
        if ($xml !== "") {
            for ($i = 0; $i < count($xml->children()); $i++) {
                if ($xml->tool[$i]->id == $id) {
                    // the tool file and its image are unlinked for whatever id the caller supplies
                    @unlink("../".$xml->tool[$i]->name);
                    if($xml->tool[$i]->image != "test.png") @unlink("../imgs/".$xml->tool[$i]->image);
                    unset($xml->tool[$i]);
                    $xml->asXML('online_tools.xml');
                }
            }
            $toolID = 0; // get the last node ID
            for ($i = 0; $i < count($xml->children()); $i++) {
                $toolID = $xml->tool[$i]->id;
            }
            echo $toolID;
        }else{
            echo false;
        }
    } else { // delete the recommended tools
        try {
            $xml = simplexml_load_file("recom_tools.xml");
        } catch(Exception $e) {
            $xml = "";
        }
        if ($xml !== "") {
            for ($i = 0; $i < count($xml->children()); $i++) {
                if ($xml->tool[$i]->id == $id) {
                    $xml->tool[$i]->show = 0;
                    $xml->asXML('recom_tools.xml');
                    break;
                }
            }
        }else{
            echo false;
        }
    }
    ?>

When type=1, the custom tool whose id matches the supplied id is deleted.

When type is not 1, the system-recommended tool whose id matches the supplied id is deleted.

The tools here are uploaded by users after they log in, so a tool uploaded by any user can be deleted by anyone.

Deleting does not require a login: simply sending the request deletes the file.

First, deleting a custom tool.

Before deletion:

[Screenshot: 1.png]

After deletion:

[Screenshot: 2.png]

Next, deleting a system-recommended tool.

Tested from the external network; before deletion:

[Screenshot: 3.png]

After deletion:

[Screenshot: 4.png]

Without logging in, the system tool is deleted, and the corresponding image on the server side is deleted along with it.

Vulnerability proof:

See the detailed description above.

Repair solutions:

The files should be tied to the user who owns them (an ownership attribute), or deletion should only be allowed after login, etc.
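The following is an added example of how the custom-tool branch of delete_tools.php could be hardened along the lines of the repair suggestion above; it is not the vendor's code. It assumes the console keeps the logged-in account name in $_SESSION['user'] and that each <tool> entry in online_tools.xml carries an <owner> element naming its uploader; both are assumptions.

```php
<?php
// Hardened rewrite of the custom-tool branch (added example, not the vendor's code).
// Assumed: the console keeps the logged-in account name in $_SESSION['user'], and each
// <tool> in online_tools.xml carries an <owner> element naming who uploaded it.
session_start();
// 1. Refuse unauthenticated requests before touching any state.
if (empty($_SESSION['user'])) {
    http_response_code(401);
    exit('login required');
}
// 2. Accept only an integer id instead of a loosely compared raw string.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('bad id');
}
$xml = @simplexml_load_file('online_tools.xml');
if ($xml === false) {
    http_response_code(500);
    exit('tool list unreadable');
}
// Delete $name only if it resolves to a regular file directly inside $base.
function unlinkWithin(string $base, string $name): bool {
    $path = realpath($base . '/' . basename($name)); // basename() drops any directory part
    if ($path === false || !is_file($path) || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    return unlink($path);
}
$toolDir = realpath(__DIR__ . '/..');      // where uploaded tools are stored
$imgDir  = realpath(__DIR__ . '/../imgs'); // where their images are stored
for ($i = 0; $i < count($xml->tool); $i++) {
    $tool = $xml->tool[$i];
    if ((int)$tool->id !== $id) {
        continue;
    }
    // 3. Ownership check: a user may remove only a tool they uploaded themselves.
    if ((string)$tool->owner !== $_SESSION['user']) {
        http_response_code(403);
        exit('not your tool');
    }
    unlinkWithin($toolDir, (string)$tool->name);
    if ((string)$tool->image !== 'test.png') {
        unlinkWithin($imgDir, (string)$tool->image);
    }
    unset($xml->tool[$i]);
    $xml->asXML('online_tools.xml');
    break;
}
```

The same three checks (session, validated id, ownership) apply to the recommended-tools branch, which additionally should be restricted to administrator accounts since those entries are system-provided.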