I followed the news that some of the most popular websites were hacked. I knew that I was using bo-blog. I went to set up 2.1.1 and found some problems. This program has the same upload bug as F2blog, but it is difficult to use it and requires certain permissions. But it works with social engineering.
Xmlrpc. php
Function metaWeblog_newMediaObject ($ values) {// 2006-12-2 add support for uploading files
Global $ config, $ defualtcategoryid, $ db_prefix, $ mbcon, $ nowtime;
$ Userdetail = check_user ($ values [username], $ values [password]); // permission for judgment
$ Struct = $ values [struct];
// Writetofile (text1.php, $ struct [bits]); // debug only
If ($ struct [bits] & $ struct [name]) {
$ Writefilecontent = base64_decode ($ struct [bits]);
$ Ext = strtolower (strrchr ($ struct [name],.);
$ Ext = str_replace (".", $ ext); // No filter suffix
$ Upload_filename = time (). _. rand (1000,999 9). substr (md5 ($ struct [name]), 0, 4)... $ ext;
If ($ mbcon [uploadfolders] = 1 ){
$ Targetfolder_ym = date ("Ym ")./;
$ Targetfolder = "attachment/{$ targetfolder_ym }";
If (! Is_dir ($ targetfolder )){
$ Mktargetfolder = @ mkdir ($ targetfolder, 0777 );
If (! $ Mktargetfolder) xml_error ("Sorry, uploading file ({$ struct [name]}) failed because PHP was unable to create a new directory .");
}
} Else {
$ Targetfolder_ym =;
$ Targetfolder = attachment;
}
$ Filenum = @ fopen ("{$ targetfolder}/{$ upload_filename}", "wb ");
If (! $ Filenum ){
Xml_error ("Sorry, uploading file ({$ struct [name]}) failed .");
}
Flock ($ filenum, LOCK_EX );
Fwrite ($ filenum, $ writefilecontent );
Fclose ($ filenum );
// DB updating, new function in 2.1.0
$ Blog = new boblog;
$ Blog-> query ("insert into '{$ db_prefix} upload' (fid, filepath, originalname, uploadtime, uploaduser) VALUES (null, "attachment/{$ targetfolder_ym} {$ upload_filename}", "{$ struct [name]}", {$ nowtime [timestamp]}, {$ userdetail [userid]}) ");
$ Currentid = db_insert_id ();
If ($ mbcon [wmenable] = 1) {// Add watermark
$ Imgext_watermark = array (jpg, gif, png );
If (in_array ($ ext, $ imgext_watermark )){
Create_watermark ("attachment/{$ targetfolder_ym} {$ upload_filename }");
}
}
}
$ Xml_content = make_xml_piece ("struct", array (url => "{$ config [blogurl]}/attachment. php? Fid = {$ currentid }"));
$ Body_xml = xml_generate ($ xml_content );
Send_response ($ body_xml );
}
Function checkuser ($ username, $ password ){
Global $ db_prefix;
$ Blog = new bobl