PHPCMS2008 1 0 0 5 2 7 version website management system to download an arbitrary file vulnerability-vulnerability warning-the black bar safety net

Phpcms is a PHP-based+Mysql architecture of the web content management system, it is an open-source PHP development platform. Phpcms uses a modular approach to the development, functional and easy to use to facilitate the expansion, for medium to large sites provide heavyweight website Building...

PHPCMS2008 100527版本网站管理系统下载任意文件漏洞

phpcms2008sp4 下载任意文件漏洞发布后，27号官方的补丁是这样的： down.php ifpregmatch'/.php/i',$f || strpos$f, ":\" showmessage'地址有误'; //12行 没补丁前是这样的： ifpregmatch'/.php$/',$f || strpos$f, ":\" showmessage'地址有误'; //12行 可以看出两者的区别。 但同样是这个文件中： parsestr$ak;//8行 知道这里还有更好的利用方法了，再看文件： download.php if$m $fileurl =...