######################################## ####################################
#
# Title: koufu technology php online ordering system v2.6 Vulnerability
# Time: 2011-10-30
# Team: makebugs
# Author: Fate http://t.qq.com/MakeBug http://hi.baidu.com/micropoor
######################################## ####################################
// \ Mongodes \ lib_base.php
Function realip ()
{
If (isset ($ _ SERVER ['HTTP _ CLIENT_IP '])
{
$ Realip = $ _ SERVER ['HTTP _ CLIENT_IP '];
} Elseif (isset ($ _ SERVER ['remote _ ADDR '])
{
$ Realip = $ _ SERVER ['remote _ ADDR '];
}
Preg_match ("/[\ d \.] {7, 15}/", $ realip, $ onlineip );
$ Realip =! Empty ($ onlineip [0])? $ Onlineip [0]: '0. 0.0.0 ';
Return $ realip;
}
Is it an international issue?
// \ Admin \ upfile. php
<? Php
Session_start ();
If ($ _ SESSION ['ss _ adminid'] = '')
{
Exit ();
}
$ Formname = $ _ POST ['formname'];
$ Editname = $ _ POST ['editname'];
$ Allowtype = array ("gif", "jpg", "bmp", "png", "jpeg ");
$ Ym = date ("Ym ");
$ Uploaddir = "../upfile/images/". $ ym ."/";
If (! Is_dir ($ uploaddir ))
{
Mkdir ($ uploaddir );
}
$ F = date ("YmdHis"). basename ($ _ FILES ['upfile'] ['name']);
$ Uploadfile = $ uploaddir. $ f;
$ Ufile = "upfile/images/". $ ym. "/{$ f }";
$ Bname = basename ($ _ FILES ['upfile'] ['name']);
$ Ar = explode (".", $ bname );
$ F_type = strtolower ($ ar [count ($ ar)-1]); // get the file suffix
// Omitted
?>
How can this verification be performed?
Www.2cto.com
// Chicken ribs:
// \ Admin \ skins. php
Function deldir ($ dir)
{
If (! Is_dir ($ dir) return false;
$ Dh = opendir ($ dir );
While ($ file = readdir ($ dh ))! = False)
{
If ($ file! = "." & $ File! = "..")
{
If (is_dir ($ dir. "/". $ file ))
{
Deldir ($ dir. "/". $ file );
} Else
{
Unlink ($ dir. "/". $ file );
}
}
}
Closedir ($ dh );
Rmdir ($ dir );
}
/**
@ Delete all files in the directory keep the current directory
*/
Function delfile ($ dir)
{
$ Hd = opendir ($ dir );
While ($ f = readdir ($ hd ))! = False)
{
If ($ f! = "..." And $ f! = ".")
{
If (is_file ($ dir. $ f )){
Unlink ($ dir. $ f );
} Else
{
Delfile ($ dir. $ f ."/");
}
}
}
Other exploitation:
\ Fckeditor \ editor \ filemanager \ connectors \ uploadtest.html
\ Fckeditor \ editor \ filemanager \ connectors \ test.html
Fix: targeted verification and repair