Tools used in this article: Seay PHP code audit tool 2.0.6, www.2cto.com/soft/201210/34667.html
Here is an introduction:
zcncms is a PHP-based content management system developed by webmasters in China. It provides modules and models such as content editing, keyword management, advertisement management, and link management. The program design is very concise and focuses on the needs of secondary development: new models and functions, such as example document and product models, can easily be added on top of the original system. The program is developed by a team with 5 years of technical experience, based on the original program the team accumulated over one year. It meets existing site construction requirements and is optimized for SEO; SEO functions such as pseudo-static URLs are supported.
Let's look at the file structure:
We first scan it with the tool and then check the files one by one.
I. File Inclusion Vulnerability
The tool flags the file include\template.inc.php as vulnerable.
Check the code:
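<?php
// Common parts
ob_start();
// Neither $tpl_in_module nor $templatefile is initialized in this file
if ($tpl_in_module == 0) {
    // Template path relative to the template directory
    include(WEB_TPL . $templatefile);
} elseif ($tpl_in_module == 1) {
    // Path used exactly as supplied
    include($templatefile);
}
$output = ob_get_contents();
ob_end_clean();
echo $output;
exit;
?>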
Obviously, the $tpl_in_module and $templatefile variables are not initialized. When register_globals = On, a user can set them through the request and have files included. The front end cannot upload files, but when allow_url_include = On a remote file can be included directly. The official customer service "girl" (the author of zcncms) said the membership function is under development...
Proof of vulnerability:
Repair method:
Initialize the variables.
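One way to apply this repair, as an added example rather than the zcncms patch: the calling script assigns both variables itself, and the resolved path is confined to the template directory before it is included. safe_template_path(), the fallback WEB_TPL value and the template name are assumptions; only WEB_TPL, $tpl_in_module and $templatefile come from the code above.

```php
<?php
// Added example, not zcncms code. The fallback WEB_TPL value is an assumption
// so the script runs stand-alone; the real system defines WEB_TPL itself.
defined('WEB_TPL') || define('WEB_TPL', __DIR__ . '/templates/');

// Hypothetical helper: resolve a template name to a real file inside
// $baseDir, or return null for anything that falls outside it.
function safe_template_path($baseDir, $name)
{
    // Reject empty names, NUL bytes and stream wrappers (http://, php://, data:).
    if (!is_string($name) || $name === '' || strpos($name, "\0") !== false
        || preg_match('#^[a-z][a-z0-9+.\-]*:#i', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null; // template directory or template file does not exist
    }
    // realpath() has collapsed any "../"; the result must stay under $base.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// Initialization: assigned by the script, never read from request data.
// An explicit assignment overwrites whatever register_globals injected.
$tpl_in_module = 0;
$templatefile  = 'default/index.php'; // hypothetical template name

$path = safe_template_path(WEB_TPL, $templatefile);
if ($path === null) {
    header('HTTP/1.1 404 Not Found');
    exit;
}

ob_start();
include $path;
$output = ob_get_contents();
ob_end_clean();
echo $output;
exit;
```

Setting register_globals = Off and allow_url_include = Off in php.ini closes the same path at the configuration level; register_globals was removed entirely in PHP 5.4.0.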
After searching for a long time and reading the other sensitive files, I found no major problems. This CMS is still quite good, and the author poses as a customer service girl. Okay, that is it for this time; I will wait for the membership function to come out and dig again. This issue has been submitted to the official site and will be fixed.