Zcncms 1.2.8 code audit summary: file inclusion vulnerability and fix

Source: Internet
Author: User

Tools used in this article: Seay PHP code audit tool 2.0.6, www.2cto.com/soft/201210/34667.html

Here is an introduction:

Zcncms is a content management system developed in China by webmasters and built on PHP. It provides modules and models such as content editing, keyword management, advertisement management, and link management. The program design is very concise and focuses on the requirements of secondary development: on the basis of the original system you can easily add new models and functions, such as the example document and product models. The program is developed by a team with 5 years of technical experience, based on the original program the team accumulated over one year. It meets existing site construction requirements and is optimized for SEO, with support for SEO functions such as pseudo-static.

 

Let's look at the file structure:

 

We first scan it with the tool, and then check the flagged files one by one.

I. File Inclusion Vulnerability

 

Figure:

 

 

The tool flags the file include\template.inc.php as vulnerable.

 

Check the Code:

<?php
// Common parts
// Neither $tpl_in_module nor $templatefile is assigned anywhere in this file.
ob_start();
if ($tpl_in_module == 0) {
    include(WEB_TPL . $templatefile);
} elseif ($tpl_in_module == 1) {
    include($templatefile);
}
$output = ob_get_contents();
ob_end_clean();
echo $output;
exit;
?>

 

 

Clearly, neither $tpl_in_module nor $templatefile is initialized. With register_globals = On, a user can set both from the request and so control which file is included. The front end cannot upload files, but with allow_url_include = On we included remote files directly. The official customer service contact (the author of zcncms) said the membership function is under development...

 

Proof of vulnerability:

 

Repair Method:

Initialize the two variables before they are used.
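One way to apply this repair, shown as an added example that is not zcncms code and not the fix the vendor shipped: the file to include is passed in and validated instead of being read from globals that a request can seed. The helper names resolve_template() and render_template() are hypothetical, $baseDir stands in for WEB_TPL, and the template directory and names in the demo are constructed.

```php
<?php
// Added example, not zcncms code. resolve_template() and render_template()
// are hypothetical helpers; $baseDir plays the role of WEB_TPL on the page.

// Map a template name to a real file below $baseDir, or return null.
function resolve_template(string $baseDir, string $name): ?string
{
    // Plain relative names only: no scheme (http://, php://), no "..",
    // no backslashes, and a mandatory .php suffix.
    if (!preg_match('#^[A-Za-z0-9_/-]+\.php$#', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null; // template directory or file does not exist
    }
    // The resolved path must still be inside the template directory,
    // which also catches symlinks that point elsewhere.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Counterpart of the include file's body: the file to include arrives as an
// argument and is validated, so nothing is read from request-seeded globals.
function render_template(string $baseDir, string $name): ?string
{
    $file = resolve_template($baseDir, $name);
    if ($file === null) {
        return null; // caller decides how to report the rejected name
    }
    ob_start();
    include $file;
    return (string) ob_get_clean();
}

// Demo on constructed input: a throwaway template directory with one file.
$tpl = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . getmypid();
if (!is_dir($tpl)) {
    mkdir($tpl);
}
file_put_contents($tpl . DIRECTORY_SEPARATOR . 'index.php', '<p>index template</p>');
$names = ['index.php', '../index.php', 'http://example.invalid/x.php', 'missing.php'];
foreach ($names as $name) {
    printf("%-30s => %s\n", $name, var_export(render_template($tpl, $name), true));
}
```

Independently of the code, register_globals and allow_url_include should both be Off in php.ini, since the issue described above depends on them.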

 

After searching for a long time and reading the other sensitive files, I found no major problems. This CMS is still quite good. That is all for this time; I will wait for the membership function to come out and then dig into it again. This article has been submitted to the official site, and the issue will be repaired.
