最近看Cond0r牛那么努力 我也跟后面了
admin/任何文件.php
|
define('IN_OUN', true);
include_once( "includes/command.php");
|
再看 admin/includes/command.php
|
include_once( "../config.inc.php");
//省一段无用代码
include_once( ROOT_PATH."includes/language.php");
include_once( ROOT_PATH."includes/funcomm.php");
include_once( ROOT_PATH."class/mydb.php");
$oPub = new mydb($dbhost,$dbuser,$dbpw,$dbname);
$dbhost = $dbuser = $dbpw = $dbname = NULL;
foreach(array('_COOKIE', '_POST', '_GET') as $_request) {
foreach($$_request as $_key => $_value) {
$_key{0} != '_' && $$_key = daddslashes($_value);
}
}
//也是省一段.........
/* 通过用户输入的域名取得网站配置信息 */
$havedomin = FALSE;
$_SERVER["SERVER_NAME"] = ($_SERVER["SERVER_PORT"] != 80)?$_SERVER["SERVER_NAME"].':'.$_SERVER["SERVER_PORT"]:$_SERVER["SERVER_NAME"];
$db_table = $pre."sysconfig";
if($Aconf['allow_multi']){
$sql = "SELECT * FROM ".$pre."sysconfig WHERE main_domin='".$_SERVER["SERVER_NAME"]."' AND states 1 ORDER BY scid ASC LIMIT 1";
}else{
$sql = "SELECT * FROM ".$pre."sysconfig limit 1";
}
//pre没有这东西也不知道怎么出来的
$Anorm = $oPub->getRow($sql);
|
![行业之星 0.87 注入漏洞]()
![行业之星 0.87 注入漏洞]()
文章来源于lcx.cc:行业之星 0.87 注入漏洞
相关推荐: Php安全新闻早8点(2011-11-20 星期日)
http://hi.baidu.com/micropoor '2011-11-20 星期日 '插入篇---asp篇 '程序员的思维 'Micropoor.asp代码片段 dim upload,file,formName,formPath,iCount,…
评论