Weave a dream(Dedecms)arbitrary code execution vulnerability-vulnerability warning-the black bar safety net

Vulnerability page is \include\incbookfunctions.php The trigger page is member/storyaddcontentaction.php Next is open the following address: http://www.xxx.com/member/storyaddcontentaction.php?chapterid=1&arcID=1&body=?& gt; Followed by the word code. When you see the successful message indicates...

dedecms v5. 1 vulnerability-the vulnerability warning-the black bar safety net

\include\incbookfunctions.php --------------------------------------------------- ...... function WriteBookText$cid,$body span id="more-1 9 4 4"/span global $cfgcmspath,$cfgbasedir; $ipath = $cfgcmspath."/ data/textdata"; $tpath = ceil$cid/5 0 0 0; if! isdir$cfgbasedir.$ ipath...

dedecms v5. 1 WriteBookText() code injection vul-vulnerability warning-the black bar safety net

Source: Ph4nt0m Google Group by [email protected] QQ:3 7 8 3 6 7 9 4 2 \include\incbookfunctions.php --------------------------------------------------- ...... function WriteBookText$cid,$body span id="more-1 9 4 4"/span global $cfgcmspath,$cfgbasedir; $ipath = $cfgcmspath."/ data/textdata"; $tpath ...

dedecms v5.1 WriteBookText() code injection vul

\\include\\incbookfunctions.php --------------------------------------------------- …… function WriteBookText$cid,$body global $cfgcmspath,$cfgbasedir; $ipath = $cfgcmspath.\"/data/textdata\"; $tpath = ceil$cid/5000; if!isdir$cfgbasedir.$ipath...