来源:自学PHP网 时间:2015-04-17 11:59 作者: 阅读:次
[导读] 标题:DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability 软件连接:http://dleviet.com/ 影响版本:9.7 缺陷概述 位于 /engine/preview.php script: 246. $c_list = i......
|
标题:DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability
软件连接:http://dleviet.com/
影响版本:9.7
缺陷概述
位于 /engine/preview.php script:
246. $c_list = implode (',', $_REQUEST['catlist']);
247.
248. if( strpos( $tpl->copy_template, "[catlist=" ) !== false ) {
249. $tpl->copy_template = preg_replace( "#\\[catlist=(.+?)\\](.*?)\\[/catlist\\]#ies", "check_category('\\1', '\\2', '{$c_list}')", $tpl->copy_template );
250. }
251. www.2cto.com
252. if( strpos( $tpl->copy_template, "[not-catlist=" ) !== false ) {
253. $tpl->copy_template = preg_replace( "#\\[not-catlist=(.+?)\\](.*?)\\[/not-catlist\\]#ies", "check_category('\\1', '\\2', '{$c_list}', false)", $tpl->copy_template );
254. }
User supplied input passed through the $_REQUEST['catlist'] parameter is not properly
sanitized before being used in a preg_replace() call with the e modifier at lines 249 and 253.
This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of
this vulnerability requires a template which contains a “catlist” (or a “not-catlist”) tag.
解决方案:
打补丁: http://dleviet.com/dle/bug-fix/3281-security-patches-for-dle-97.html
|
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com
