WordPress Plugin eShop Arbitrary Variable Override Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on servers with PHP and MySQL. eShop is an accessible shopping cart WordPress plugin. An arbitrary variable override vulnerability exists in...

bo-blog任意变量覆盖漏洞

// go.php $qurl=$SERVER"REQUESTURI"; @list$relativePath, $rawURL=@explode'/go.php/', $qurl; $rewritedURL=$rawURL; // 来自$SERVER"REQUESTURI",可以任意提交的: ... $RewriteRules="/component/^/+/?/"; // 这个正则限制的不够细致,可以很轻易的绕过: ... $RedirectTo="page.php?pagealias=\1"; $i=0; foreach $RewriteRules as $rule if...

织梦(DedeCms) V 5.3 任意变量覆盖漏洞

看核心文件include/common.inc.php中的代码 //检查和注册外部提交的变量 foreach$REQUEST as $k=$v if strlen$k0 && eregi'^|cfg|GLOBALS',$k && !isset$COOKIE$k //程序员逻辑混乱了？ exit'Request var not allow!'; 这个地方可以通过提交COOKIE变量绕过cfg等关键字的过滤 接着是注册变量的代码 foreachArray'GET','POST','COOKIE' as $request foreach$$request as $k = $v $$k =...