安乐业v3.0代码审计 - 网站安全 - 自学php

某基友在某地门户上班..网站总让人日..so..让吾等小菜帮忙看一下   菜文 勿喷  抛砖引玉专用   只是粗略瞄了几眼..坑啊..   \common\lib\FCKeditor\editor\filemanager\upload\php\config.php   $Config['AllowedExtensions']['File'] = array() ; $Config['DeniedExtensions']['File'] = array('php','php2','php3','php4','php5','phtml','pwml','inc','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','com','dll','vbs','js','reg','cgi') ; $Config['AllowedExtensions']['Image'] = array('jpg','gif','jpeg','png') ; $Config['DeniedExtensions']['Image'] = array() ; $Config['AllowedExtensions']['Flash'] = array('swf','fla') ; $Config['DeniedExtensions']['Flash'] = array() ;根本木有过滤media有木有..   news\install\index.php.bak  这货竟然还带一个dede..虽然是bak备份文件..但是在apache中默认不解析bak...so 向上解析为php   HdhCmsTest2cto测试数据 <?php /**    *    */ $insLockfile = dirname(__FILE__).'/install_lock.txt'; /*省略代码*/ foreach(Array('_GET','_POST','_COOKIE') as $_request) {          foreach($_request as $_k => $_v) ${$_k} = RunMagicQuotes($_v); }   require_once(DEDEINC.'/common.func.php');   if(file_exists($insLockfile)) {         exit(" 程序已运行安装，如果你确定要重新安装，请先从FTP中删除install/install_lock.txt！"); } ?>   dede后台拿shell大家都懂..   典型的全局变量覆盖.悲催了...   其实就是dede二次开发的：http://HdhCmsTest17558.net/post/576. html   这东东，当年我还给客户装过……   摘自：/forum.90sec.org

查看更多关于安乐业v3.0代码审计 - 网站安全 - 自学php的详细内容...