c-blog2.1 Test Notes
Friends bought space to support PHP but there is no MySQL database, said that the space provider is mainly supporting ASP script. Hey, can't you play PHP? Hey hei can use php+access PHP program AH. Baidu has found the C-blog this program, it has a php+access version of the. Down a look, there is the results of this test.
1. The physical path of the explosion
After reading this blog, found that he wrote to the no too big bug, the file is relatively small and simple knot. Its description reads as follows:
./include contains the Common class library editor configuration file
-->/configs/Configuration file Directory
-->begin.cfg.php macro definitions of some constants, such as paths and databases
-->db.cfg.php Database configuration file
-->init.cfg.php import some class libraries and make some common initialization
-->end.cfg.php program End call file completion program follow-up
And each file calls the Require_once (... /include/configs/begin.cfg.php);
That's our point. After reading the code, I found
Results access to init.cfg.php and end.cfg.php can burst the physical path of the site.
Figure 1
2. Cross-Station vulnerability
The user name in C-blog is not strictly filtered to cause a cross-site vulnerability
When you log in to the background, you find that there is an option in the admin option that has a login record in the background log. Look what he wrote in the code, OH, hey.
The user name entered in the background login process has not been processed.
Then we'll test it.
User: Password: Test
And then use the admin to go backstage to view login log Figure 3
C-blog User name pairs; ,/etc special characters are forced to be/; /, \ So the construction below is not possible
Another cross station is very dangerous, at the front desk has a "message to me," the convenience of visitors to the blog owner message function but unfortunately c-blog to the user name does not strictly filter if we
This user message so the effect is very obvious not only harm the administrator of other people browsing the blog can also be attacked. Figure 4
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
