Z-Blog front-end inclusion vulnerability that requires no login - Vulnerability warning - Black Bar Safety Net

2015-06-12T00:00:00
ID MYHACK58:62201563518
Type myhack58
Reporter Anonymous
Modified 2015-06-12T00:00:00

Description

Download: http://www.zblogcn.com/zblogphp/

The problem occurs in zb_install/index.php. I also paid a bit of attention to what prompt is written out after the installation is complete.

The results of the installation: Create the database! zblog Connect to the database and create a data table! Create and insert data success! Save the settings, compile the template for success!

That is the prompt. It does not tell the user to delete this directory, and the file is not deleted automatically either. So it is basically always still there.

<?php
/**
 * Z-Blog with PHP
 * @author
 * @copyright (C) RainbowSoft Studio
 * @version 2.0 2013-07-05
 */

/**
 * install the app
 * @param
 * @return array
 */
require '../zb_system/function/c_system_base.php';
require '../zb_system/function/c_system_admin.php';

header('Content-type: text/html; charset=utf-8');

define('bingo','<span class="bingo"></span>');
define('error','<span class="error"></span>');

// The language pack name is taken straight from the request, with no login
// check, and before the installed-state check further down.
$zbloglang=&$zbp->option['ZC_BLOG_LANGUAGEPACK'];
if(isset($_POST['zbloglang']))$zbloglang=$_POST['zbloglang'];
$zbp->LoadLanguage('system','',$zbloglang);
$zbp->LoadLanguage('zb_install','zb_install',$zbloglang);
$zbp->option['ZC_BLOG_LANGUAGE'] = $zbp->lang['lang'];

$zblogstep=(int)GetVars('step');
if($zblogstep==0) $zblogstep=1;

// Step 0 is forced only here, after the language files have been loaded.
if( ($zbp->option['ZC_DATABASE_TYPE']!=='') && ($zbp->option['ZC_YUN_SITE']=='') ){
    $zblogstep=0;
}elseif( ($zbp->option['ZC_DATABASE_TYPE']) && ($zbp->option['ZC_YUN_SITE']) ){
    if($zbp->Config('system')->CountItem()>0)$zblogstep=0;
}
?>

$zbloglang=&$zbp->option['ZC_BLOG_LANGUAGEPACK'];
if(isset($_POST['zbloglang']))$zbloglang=$_POST['zbloglang'];
$zbp->LoadLanguage('system','',$zbloglang);
$zbp->LoadLanguage('zb_install','zb_install',$zbloglang);
$zbp->option['ZC_BLOG_LANGUAGE'] = $zbp->lang['lang'];
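
A hardened form of the language selection shown above, as an added example that is not Z-Blog's code or the original author's: it decides whether the installer may run before any request data is read, and accepts a `zbloglang` value only when it exactly matches a pack name found on disk. The function names, the one-file-per-pack directory layout and the sample values are assumptions; the page does not show what LoadLanguage does with the value.

```php
<?php
// Added example (not Z-Blog code). Function names and the "<name>.php per
// language pack" directory layout are assumptions made for illustration.

/** Simplified from the page's check: a configured database type means installed. */
function installer_may_run(array $option): bool
{
    return ($option['ZC_DATABASE_TYPE'] ?? '') === '';
}

/**
 * Return $requested only if it is exactly the name of a pack on disk;
 * anything else (path separators, "..", unknown names) yields $default.
 */
function pick_language_pack(?string $requested, string $langDir, string $default): string
{
    $available = [];
    foreach (glob($langDir . '/*.php') ?: [] as $file) {
        $available[] = basename($file, '.php');   // allowlist comes from disk
    }
    if ($requested !== null && in_array($requested, $available, true)) {
        return $requested;
    }
    return $default;
}

// --- constructed demo data: a throwaway directory with two fake packs ---
$dir = sys_get_temp_dir() . '/lang_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
touch("$dir/zh-cn.php");
touch("$dir/en.php");

// Installed site: the installer refuses before looking at any parameter.
var_dump(installer_may_run(['ZC_DATABASE_TYPE' => 'mysql']));
// Fresh site: the installer may run.
var_dump(installer_may_run(['ZC_DATABASE_TYPE' => '']));

// Constructed request values standing in for $_POST['zbloglang'].
foreach (['en', '../en', $dir . '/en', 'EN', null] as $value) {
    printf("%-28s => %s\n", var_export($value, true),
        pick_language_pack($value, $dir, 'zh-cn'));
}

// Clean up the demo directory.
array_map('unlink', glob("$dir/*.php"));
rmdir($dir);
```

Only the first value resolves to `en`; every other value falls back to the default pack because it is compared as a whole string against names read from the directory.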
