建站之星最新0DAY

  • A+
所属分类:moonsec_com
摘要

数据库user表结构直接改一下包可以秒了  上传文件注意可以看到这个函数

 public function save_profile() {         $user_info [email protected] ParamHolder::get('user', array());//获取数组          if (sizeof($user_info) <= 0) {             $this->assign('json', Toolkit::jsonERR(__('Missing user information!')));             return '_result';         }         $passwd_changed = false;         try {             $o_user = new User(SessionHolder::get('user/id'));              if ($user_info['email'] != $o_user->email) {                 /* Check duplicates */                 if ($o_user->count("email=?", array($user_info['email'])) > 0) {                     $this->assign('json', Toolkit::jsonERR(__('User E-mail address exists!')));                     return '_result';                 }             }              $o_user->set($user_info);              /* Check password */             $passwd_info [email protected] ParamHolder::get('passwd', array());             if (sizeof($passwd_info) != 2) {                 $this->assign('json', Toolkit::jsonERR(__('Invalid Password!')));                 return '_result';             }             if (strlen(trim($passwd_info['passwd'])) > 0 ||                 strlen(trim($passwd_info['re_passwd'])) > 0) {                 if ($passwd_info['passwd'] == $passwd_info['re_passwd']) {                     $o_user->passwd = sha1($passwd_info['passwd']);                     $passwd_changed = true;                 }             }              $o_user->save(); //可以xo了 这里我不跟踪了 这个源码看的我蛋疼             } catch (Exception $ex) {             $this->assign('json', Toolkit::jsonERR($ex->getMessage()));             return '_result';         }          if ($passwd_changed) {          SessionHolder::destroy();             $this->assign('json', Toolkit::jsonOK(array('forward' => 'index.php')));         } else {          $forward_url = Html::uriquery('mod_user', 'edit_profile');             $this->assign('json', Toolkit::jsonOK(array('forward' => $forward_url)));         }         return '_result';     }

数据库user表结构

建站之星最新0DAY

直接改一下包可以秒了

 

 建站之星最新0DAY

上传文件注意可以看到这个函数

public static function fire_virus($imgfile){ $val_file = str_replace(strchr($imgfile,'.'),'.txt',$imgfile); copy($imgfile,str_replace(strchr($imgfile,'.'),'.txt',$imgfile)); $i = 0; $flag_img = 0; if (file_exists($val_file)) { $f= fopen($val_file,"r"); while (!feof($f)){ $line = fgets($f); if (strpos($line,'eval(') ||strpos($line,'phpinfo') ||strpos($line,'fopen')) {//绕过很简单  @unlink($val_file); @unlink($imgfile); echo '该图片文件可能是伪装木马文件,已经将其删除,请换张上传,'; $flag_img = 1; } $i++; if ($i==50) { break; } } fclose($f); } @unlink($val_file); if ($flag_img) { exit('上传已经停止'); }else{ return true; } }

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: