5 matches found
Diy-Page v8.2 0day - vulnerability warning - the black bar safety net
Release date: 2011-2-2. Affected versions: v8.2. Program description: DiY-Page was founded at the end of February 2005 and is a new concept of custom portal system with which you can easily turn a forum into a quasi-portal site. Initially it is by the software authors on the sit...
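DiY-Page attachment upload bypass vulnerability
The getuploadfilename function that DiY-Page uses to handle uploaded attachments is flawed. getuploadfilename replaces the asp, asa and php suffixes in an attachment name with an empty string, and strreplace can be bypassed by using uppercase. In addition, an uploaded attachment whose suffix is not jpg, gif, png or bmp is automatically given .file as its suffix, and this can likewise be exploited through the Apache filename-parsing flaw. As a result, a remote attacker can upload an executable file and take control of the server. v8.2 Filter the attachment content, and convert everything to lowercase before using strreplace. Register as a member - publish an entry - upload .PHp, and that is all it takes....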
DiY-Page: multiple further vulnerabilities disclosed - vulnerability warning - the black bar safety net
Someone earlier posted an analysis of the DiY-Page SQL injection vulnerabilities; I followed up by reading the code and found that the Diy-Page v8.2 program also has multiple vulnerabilities, including a local file inclusion vulnerability, an upload vulnerability, a cross-site vulnerability, etc. A. Local file inclusion...
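DiY-Page multiple vulnerabilities
The Diy-Page v8.2 program has multiple vulnerabilities, including a local file inclusion vulnerability, an upload vulnerability, a cross-site vulnerability, etc. /inc/func.php: function getuploadfilename($realname) { $exttmp=explode(".",$realname); $ext=$exttmp[count($exttmp)-1]; …… Editors, please help: much of the sensitive code was filtered out by sebug. getuploadfilename replaces the asp, asa and php suffixes in an attachment name with an empty string, and strreplace can be bypassed by using uppercase. v8.2 Strictly filter data...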
Diy-Page v8.2: analysis of two injection vulnerabilities (reference EXP) - vulnerability warning - the black bar safety net
DiY-Page was founded at the end of February 2005 and is a new concept of custom portal system with which you can easily turn a forum into a quasi-portal site. Initially it is by the software authors on the site since the creation of the home program improved, and through continuous...