Vulnerability Author: b4dboyBlog: http://www.secoff.net/Vulnerability Analysis: SeayBlog: http://www.cnseay.com/Reprinted, Please retain the above copyright content.Yesterday, I made a joke on Weibo that my blog is about to be closed, and I have received phone calls, text messages, QQ messages, and private messages from my friends, many other friends began to back up my blog post... It hurts. Sorry, sorry.
B4dboy kiyou released the dedecms and phpcmsv9 local Inclusion Vulnerability. I have also
The category ID is not effectively filtered, resulting in injection. Details: Affected Version: PHPCMS V9-GBK vulnerability file:/phpcms/modules/special/index. php vulnerability function: type () unfiltered parameter: $ _ GET ['typeid']., Row 56th transforms the typeid, and when row 66th uses the typeid again, the typeid of the integer is not used, resulting in injection. Since PHPCMS automatically uses the addslashes function to escape the parameters
CodeUsing system;using system.io;using Word;namespace wpstopdf{class wps2pdf:idisposable {dynamic wps; Public Wps2pdf () {Here to create a WPS instance do not know what to use the Sao operation is not reported to miss the local installation is wps2016 Type type = Type.gettypefromprogid ("kwps.application"); NBS P wps = activator.createinstance (type); } public void to PDF (String wpsfilename, string pdffilename = null) { I F (wpsfilename = = null) {throw new ArgumentNullE
buffer pool
Create bufferpool BUFFERPOOL_32K immediate size 250 automatic pagesize 32 K
Note: The AUTOMATIC Memory self-tuning mechanism is introduced in DB2 V9. By default, the system starts. We add an option "AUTOMATIC" in the buffer pool BUFFERPOOL_32K to enable AUTOMATIC memory Self-Tuning for the buffer pool.
After the command is complete, create a large tablespace TABLESPACE2 with a 32 K page size that is not automatically stored, as shown in l
Background article sort how can I arrange the numbers I've entered? such as pressing 4,3,2,1, from large to small arrangement?The implementation method is as follows:Modified files: content.php in Phpcms\modules\contentThe code is as follows:$datas = $this->db->listinfo ($where, ' id desc ', $_get[' page '); Change into The code is as follows:$datas = $this->db->listinfo ($where, ' listorder ASC, id desc ', $_get[' page ');Phpcms v9 Changing the way b
Phpcms v9 Problems
PHPCMS login always prompt "Verification code input error", clearly did not lose the wrong
Solve
Modify "/caches/configs/system.php"session_storage = ' MySQL 'ForSession_storage = ' Files '
and the domain name in the flow device is consistent with the system.php
?
This module is not installed or has been disabled
Cause module > Module Management > Module management > The corresponding modules are not installed
Solve
Add related re
Common functions extracted from Phpcms v9
/*** Returns a string or array that has been processed by addslashes* @param $string string or array to be processed* @return Mixed*/function New_addslashes ($string) {? ? if (!is_array ($string)) return addslashes ($string);? ? foreach ($string as $key = + $val) $string [$key] = new_addslashes ($val);? ? return $string;}/*** Returns a string or array that has been processed by stripslashes* @param $string s
form, but the front-end output of the site, but also need to modify the site template file. Here, take the PHPCMS default template file For example, open phpcms\templates\default\content\show.html, and find:
{App_path}index.php?m=contentc=taga=liststag={urlencode ($keyword)}
Change into:
{App_path} {UrlEncode ($keyword)}_1.html
Open the phpcms\templates\default\content\tag.html and put the Paging tab
{$pages}To
{Str_replace ("_0.html", "_1.html", $pages)}Finally, let the Web server rewrit
The cause of this failure is that the file_get_contents function is used in the QQ login code of PHPCMS V9 to obtain the https website of Tencent, which is encrypted and transmitted through ssl. Although we can install openssl extension for PHP so that the file_get_contents function can obtain the content, the obtained content is encrypted and cannot be decrypted normally.My solution is to write a method to read data through curl and replace the origi
Phpcms v9 Editor CKEditor set carriage return line break
Find Config.entermode in Staticsjsckeditorconfig.js find the following code, as in the previous illustration:Config.entermode = CKEditor. ENTER_BR;Config.shiftentermode = CKEditor. enter_p;
Change the BR to P,p for BR or other labels. ( if two are both P or BR, an error occurs and the edit box does not appear correctly.) )
Another: The DEDECMS configuration file path is consistent for the In
after a variety of problems, the final installation is successful, although it is in the virtual machine. But suddenly found a problem, because the installation of phpcms is the download of an integration package, not a set of environmental configuration, and the computer before the installation of Wamp, so there has been a problem is: the installation of the prompt phpcms successful, and the homepage can also be displayed, But just can't go into the admin page and phpmyadmin.php page.However, t
In security-related applications, we usually use digital signature technology, and most of them are implemented through MD5 or sha1 information digest algorithms, series 60 2nd and earlier versions have not published this API. We can only transplant it according to the C Language Algorithm in the RFC document. Of course, it is not difficult to transplant it. the release of Symbian OS V9 makes things easier. It discloses some security APIs. The followi
In March August 2007, Symbian published the password system library based on the Symbian OS V9 platform. This library can be downloaded from the Symbian Developer website and can be used on s60 3rd or uiq 3 SDK, it contains symmetric and asymmetric encryption/Decryption methods and password-based encryption and decryption methods. To use this library, you only need to put the files in the installation package in the specified directory. You do not nee
Phpcms V9 common template label call method PC label description {template "content", "Header"} ---------- call the phpcms \ template \ content \ header file under the root directory
{Charset} ------------------------------------- character set (GBK or UTF-8)
{If isset ($ Seo ['title']) ! Empty ($ Seo ['title'])}
{$ Seo ['title']} {/if}
{$ Seo ['site _ title']}
{$ Seo ['keyword']}
{$ Seo ['description']} the above four do not need to be explained, al
The General virtual host provides the phpMyAdmin, select your site database. Then select V9_admin This table. Editpassword, into: Fa3250300be9b7ab0848257f3cbb06e7encrypt, into: UCFFAPSo the password will be changed into PHPCMS. will be able to log in normally.can also putpassword into eeddc98ecb7cca0b0502c8c1e733549e .encrypt into: Fpaidj so. Password will become phpcms, so you can log in, just change the value of MD5 is not, but also to change the value of encrypt. Such mechanisms are almost id
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.