Modern cms framework laraval/symfony/slim, leading to today's php vulnerability appears point, principle, using method, has undergone some changes, this series can hope to summarize their excavation of such a cms vulnerability.
Today this vulnerability is Edusoho a user table dump vulnerability. First, I briefly explain the vulnerability principle. 【Vulnerability source code download: https://mega.nz/#! 4chVWCAB! xBVyC9QqxMCmeuLu3rGx__PwgkLe_a5NWUITLS3QzuM 】
0x01 turn on DEBUG mode caused by the risks
Edusoho turn on the debug mode later will be in the program after an error output debug information, including the current environment variable value. The default index. php is not turned on debug, but the/api/index. php will turn on debug:
Follow up about the framework of the exception handling method. Index. php register the exception handling:
| 1 | The ErrorHandler::register(); ---|---
2 | ExceptionHandler::register(); ---|---