Code audit: ourphp background reproduce any file to read

Language 2020-03-15 21:14:58 views: null

Code audit: ourphp background reproduce any file to read

ourphp
Code audit
Vulnerability reproduction

ourphp

OurPHP proud to send business electricity supplier website system based on PHP + MYSQL perfect development, business electricity supplier + + + phone + APP micro-channel to get a platform to support the N-language station, the site of choice for foreign trade.
Official website: http://www.ourphp.net
demo: http://demo.ourphp.net

Code audit

The problem is in the \ client \ manage \ ourphp_filebox.php.
FIG next edit ($ fename) function, it can be seen from the annotation, it is displayed that reads a file and modification.
Wherein the received parameter fename no filter on the parameters and folder stitching, the inquiry into the document.
Here Insert Picture Description
Where to see the edit function calls, find the line at the 1438 call, which fename parameters passed by reference post directly.

The code is located in row switch 1383, the annotations may be played method known selective action, parameter op.

Vulnerability reproduction

So we can construct exploits path visit, I was using phpstudy local built environment, vulnerability path is as follows:

http://127.0.0.1/client/manage/ourphp_filebox.php?%20op=edit&fename=../config/ourphp_config.php&folder=D:/phpStudy/WWW/templates/

Here Insert Picture Description
This will get the sensitive information we want.

CN_wanku

Published 201 original articles · won praise 31 · views 10000 +

Private letter concerns

Guess you like

Origin blog.csdn.net/qq_43233085/article/details/104429989

Code audit: ourphp background reproduce any file to read

Delete any file code audit

VAuditDemo-Read any file

Discuz! X Front reproduce any file deletion vulnerability

Wordpress4.9.6 reproduce any file deletion vulnerability analysis

[PHP code audit] Record an audit of reading & deleting arbitrary files in the background

Knight cms- read the text - code audit

springMVC read any file associated path

[Code Audit] Instance of Arbitrary File Deletion Vulnerability

PHP code audit 7 - file upload vulnerability

PHP Code Audit 6 - File Contains Vulnerabilities

file read and write code

file read and write code

Mysql LOAD DATA reads the client to reproduce any file vulnerability (Principle Analysis)

PHP: network show any cms background file deletion and sql injection

[An Xun Cup - Not File Upload] Code Audit + File Upload + Insert Injection

Reproduce CVE-2020-3452 (CISCO ASA Remote Arbitrary File Read)

Java code to read properties file

XXE read any file (contents when an output xml parsing)

Read any file of Fanwei Cloud Bridge e-Bridge

How to read a text file from any directory and dialog in java?

2020/1/30 PHP code audit of the file upload vulnerability

Harbor reproduce any administrator Registration Vulnerability

C # source code to read and write xml file

phpMyadmin (CVE-20180-12613) the background to any file that contains the vulnerability analysis

Oracle Audit File

any code

PHP Code Audit 17—CLTPHP Code Audit

springboot+vue+element-ui implements file upload before and background code + file upload background tool class

Java file stream in the background, vue read file stream in the foreground download word

Recommended

The United States plans to restrict the export of large AI models to China and Russia

Apple to reach agreement with OpenAI to bring ChatGPT to iPhone

Ranking

whisper-webui installation tutorial is silky and easy to use

[Base] Laravel concepts laravel basis, the custom service provider: Contracts, ServiceContainer, ServiceProvider, Facades relations

Import torchvision error problem solving DLL: module not found

observer & watch & notify = pub & sub

A small turntable program [HTML + CSS + JS]

CorelDRAW 2018 shortcuts Daquan

Supervise el botón de menú para lograr un gatillo de presión prolongada

JS将时间秒转换成天小时分钟秒的字符串

RIP basic configuration

[Deleted] solution to a problem a few questions (Noip1994)

Daily

More

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)

2024-05-02(0)