Destoon cmsÇ°Ì¨getwebshell

admin ·¢±íÓÚ 2018-10-20 20:13:12

<h1 style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:10.5pt 0pt 12pt;padding:0pt;">
</h1>
<h1 style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:10.5pt 0pt 12pt;padding:0pt;">
Ç°ÑÔ
</h1>
<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
2018Äê9ÔÂ21ÈÕ£¬Destoon¹Ù·½·¢²¼°²È«¸üÐÂ£¬ÐÞ¸´ÁËÓÉÓÃ»§¡°Ë÷ÂíÀïµÄº£Ôô¡±·´À¡µÄÒ»¸öÂ©¶´¡£

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
<img width="1025" height="662" src="https://www.9kb.org/content/uploadfile/201809/24/45e542acc90049718fe3cdeeb48e253f.jpg" /> 

<h1 style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:10.5pt 0pt 12pt;padding:0pt;">
Â©¶´·ÖÎö
</h1>
<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
¸ù¾Ý¸üÐÂÏûÏ¢¿ÉÖªÂ©¶´·¢ÉúÔÚÍ·ÏñÉÏ´«´¦¡£DestoonÖÐ´¦ÀíÍ·ÏñÉÏ´«µÄÊÇ module/member/avatar.inc.php ÎÄ¼þ¡£ÔÚ»áÔ±ÖÐÐÄ´¦ÉÏ´«Í·ÏñÊ±×¥°ü£¬²¿·ÖÄÚÈÝÈçÏÂ£º

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
<img width="812" height="330" src="https://www.9kb.org/content/uploadfile/201809/24/9f483b7cdf3f4cb893a676a70e4eafc8.jpg" /> 

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
¶ÔÓ¦×Åavatar.inc.php´úÂëÈçÏÂ£º

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
<?php defined('IN_DESTOON') or exit('Access Denied');login();require DT_ROOT.'/module/'.$module.'/common.inc.php';require DT_ROOT.'/include/post.func.php';$avatar = useravatar($_userid, 'large', 0, 2);switch($action) {

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
    case 'upload':

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        if(!$_FILES['file']['size']) {

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
            if($DT_PC) dheader('?action=html&reload='.$DT_TIME);

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
            exit('{"error":1,"message":"Error FILE"}');

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        }

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        require DT_ROOT.'/include/upload.class.php';

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
 

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        $ext = file_ext($_FILES['file']['name']);

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        $name = 'avatar'.$_userid.'.'.$ext;

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        $file = DT_ROOT.'/file/temp/'.$name;

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
 

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        if(is_file($file)) file_del($file);

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        $upload = new upload($_FILES, 'file/temp/', $name, 'jpg|jpeg|gif|png');

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
 

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        $upload->adduserid = false;

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
 

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        if($upload->save()) {

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
            ...

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        } else {

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
            ...

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        }

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
    break;

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
ÕâÀïÍ¨¹ý$_FILES['file']ÒÀ´Î»ñÈ¡ÁËÉÏ´«ÎÄ¼þÀ©Õ¹Ãû$ext¡¢±£´æÁÙÊ±ÎÄ¼þÃû$name¡¢±£´æÁÙÊ±ÎÄ¼þÍêÕûÂ·¾¶$file±äÁ¿¡£Ö®ºóÍ¨¹ýnew upload();´´Á¢Ò»¸öupload¶ÔÏó£¬µÈµ½$upload->save()Ê±ÔÙ½«ÎÄ¼þÕæÕýÐ´Èë¡£

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
upload¶ÔÏó¹¹Ôìº¯ÊýÈçÏÂ£¬include/upload.class.php:25£º

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
<?phpclass upload {

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
    function __construct($_file, $savepath, $savename = '', $fileformat = '') {

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        global $DT, $_userid;

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        foreach($_file as $file) {

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
            $this->file = $file['tmp_name'];

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
            $this->file_name = $file['name'];

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
            $this->file_size = $file['size'];

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
            $this->file_type = $file['type'];

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
            $this->file_error = $file['error'];

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
 

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        }

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        $this->userid = $_userid;

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        $this->ext = file_ext($this->file_name);

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        $this->fileformat = $fileformat ? $fileformat : $DT['uploadtype'];

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        $this->maxsize = $DT['uploadsize'] ? $DT['uploadsize']*1024 : 2048*1024;

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        $this->savepath = $savepath;

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        $this->savename = $savename;

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
    }}

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
ÕâÀïÍ¨¹ýforeach($_file as $file)À´±éÀú³õÊ¼»¯¸÷Ïî²ÎÊý¡£¶øsavepath¡¢savenameÔòÊÇÍ¨¹ý__construct($_file, $savepath, $savename = '', $fileformat = '')Ö±½Ó´«Èë²ÎÊýÖ¸¶¨¡£

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
Òò´Ë¿¼ÂÇÉÏ´«ÁËÁ½¸öÎÄ¼þ£¬µÚÒ»¸öÎÄ¼þÃûÊÇ1.php£¬µÚ¶þ¸öÎÄ¼þÊÇ1.jpg£¬Ö»Òª¹¹ÔìºÏÀíµÄ±íµ¥ÉÏ´«£¨²Î¿¼£º<a href="https://www.cnblogs.com/DeanChopper/p/4673577.html%EF%BC%89%EF%BC%8C%E5%88%99%E5%9C%A8avatar.inc.php%E4%B8%AD">https://www.cnblogs.com/DeanChopper/p/4673577.html£©£¬ÔòÔÚavatar.inc.phpÖÐ</a>

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
$ext = file_ext($_FILES['file']['name']); // `$ext`¼´Îª`php` $name = 'avatar'.$_userid.'.'.$ext; // $name Îª 'avatar'.$_userid.'.'php'$file = DT_ROOT.'/file/temp/'.$name; // $file ¼´Îª xx/xx/xx/xx.php

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
¶øÔÚuploadÀàÖÐ£¬ÓÉÓÚ¶à¸öÎÄ¼þÉÏ´«£¬$this->file¡¢$this->file_name¡¢$this->file_type½«foreachÔÚµÚ¶þ´ÎÑ»·ÖÐ±»ÖÃÎªjpgÎÄ¼þ¡£²âÊÔÈçÏÂ£º

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
<img width="1153" height="640" src="https://www.9kb.org/content/uploadfile/201809/24/313c14941b854cd98a3b2188203fb968.jpg" /> 

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
»Øµ½avatar.inc.php£¬µ±½øÐÐÎÄ¼þ±£´æÊ±µ÷ÓÃ$upload->save()£¬include/upload.class.php:50:

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
<?phpclass upload {

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
    function save() {

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        include load('include.lang');

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        if($this->file_error) return $this->_('Error(21)'.$L['upload_failed'].' ('.$L['upload_error_'.$this->file_error].')');

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
 

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        if($this->maxsize > 0 && $this->file_size > $this->maxsize) return $this->_('Error(22)'.$L['upload_size_limit'].' ('.intval($this->maxsize/1024).'Kb)');

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
 

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        if(!$this->is_allow()) return $this->_('Error(23)'.$L['upload_not_allow']);

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
 

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        $this->set_savepath($this->savepath);

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        $this->set_savename($this->savename);

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
 

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        if(!is_writable(DT_ROOT.'/'.$this->savepath)) return $this->_('Error(24)'.$L['upload_unwritable']);

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        if(!is_uploaded_file($this->file)) return $this->_('Error(25)'.$L['upload_failed']);

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        if(!move_uploaded_file($this->file, DT_ROOT.'/'.$this->saveto)) return $this->_('Error(26)'.$L['upload_failed']);

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
 

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        $this->image = $this->is_image();

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        if(DT_CHMOD) @chmod(DT_ROOT.'/'.$this->saveto, DT_CHMOD);

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        return true;

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
    }}

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
ÏÈ¾¹ý¼¸¸ö»ù±¾²ÎÊýµÄ¼ì²é£¬È»ºóµ÷ÓÃ$this->is_allow()À´½øÐÐ°²È«¼ì²é include/upload.class.php:72£º

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
<?php

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
    function is_allow() {

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        if(!$this->fileformat) return false;

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        if(!preg_match("/^(".$this->fileformat.")$/i", $this->ext)) return false;

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        if(preg_match("/^(php|phtml|php3|php4|jsp|exe|dll|cer|shtml|shtm|asp|asa|aspx|asax|ashx|cgi|fcgi|pl)$/i", $this->ext)) return false;

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
        return true;

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
    }

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
¿ÉÒÔ¿´µ½ÕâÀï½ö½ö¶Ô$this->ext½øÐÐÁË¼ì²é£¬ÈçÇ°´ËÊ±$this->extÎªjpg£¬¼ì²éÍ¨¹ý¡£

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
½Ó×Å»á½øÐÐÕæÕýµÄ±£´æ¡£Í¨¹ý$this->set_savepath($this->savepath); $this->set_savename($this->savename);ÉèÖÃÁË$this->saveto£¬È»ºóÍ¨¹ýmove_uploaded_file($this->file, DT_ROOT.'/'.$this->saveto)½«file±£´æµ½$this->saveto £¬×¢Òâ´ËÊ±µÄsavepath¡¢savename¡¢saveto¾ùÒÔphpÎªºó×º£¬¶ø$this->fileÊµ¼ÊÖ¸µÄÊÇµÚ¶þ¸öjpgÎÄ¼þ¡£

<h1 style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:10.5pt 0pt 12pt;padding:0pt;">
Â©¶´ÀûÓÃ
</h1>
<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
×ÛÉÏ£¬ÉÏ´«Á½¸öÎÄ¼þ£¬ÆäÖÐµÚÒ»¸öÎÄ¼þÒÔphpÎª½áÎ²Èç1.php£¬ÓÃÓÚÉèÖÃºó×ºÃûÎªphp£»µÚ¶þ¸öÎÄ¼þÎª1.jpg£¬jpgÓÃÓÚÈÆ¹ý¼ì²â£¬ÆäÄÚÈÝÎªphpÒ»¾ä»°Ä¾Âí(Í¼Æ¬Âí)¡£

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
 <img src="https://www.9kb.org/content/uploadfile/201809/24/6f0f09c1a8314545a9080bcd4ba3d095.jpg" />

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
È»ºó·ÃÎÊ<a href="http://127.0.0.1/file/temp/avatar1.php">http://127.0.0.1/file/temp/avatar1.php</a> ¼´¿É¡£ÆäÖÐ1ÊÇ×Ô¼ºµÄ_userid

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
²»¹ýÊµ¼ÊÀûÓÃÉÏ»áÓÐÒ»¶¨µÄÏÞÖÆ¡£

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
µÚÒ»µãÊÇdestoonÊ¹ÓÃÁËÎ±¾²Ì¬¹æÔò£¬ÏÞÖÆÁËfileÄ¿Â¼ÏÂphpÎÄ¼þµÄÖ´ÐÐ¡£

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
<img width="837" height="363" src="https://www.9kb.org/content/uploadfile/201809/24/3f58b59cece34094840f00dee9fef1f8.jpg" /> 

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
µÚ¶þµãÊÇavatar.inc.phpÖÐÔÚ$upload->save()ºó£¬»áÔÙ´Î¶ÔÎÄ¼þ½øÐÐ¼ì²é£¬È»ºóÖØÃüÃûÎªxx.jpg£º

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
Ê¡ÂÔ...$img = array();$img = $dir.'.jpg';$img = $dir.'x48.jpg';$img = $dir.'x20.jpg';$md5 = md5($_username);$dir = DT_ROOT.'/file/avatar/'.substr($md5, 0, 2).'/'.substr($md5, 2, 2).'/_'.$_username;$img = $dir.'.jpg';$img = $dir.'x48.jpg';$img = $dir.'x20.jpg';file_copy($file, $img);file_copy($file, $img);Ê¡ÂÔ...

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
Òò´ËÒªÀûÓÃ³É¹¦¾ÍÐèÒªÌõ¼þ¾ºÕùÁË¡£

<h1 style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:10.5pt 0pt 12pt;padding:0pt;">
²¹¶¡·ÖÎö
</h1>
<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
<img width="1475" height="414" src="https://www.9kb.org/content/uploadfile/201809/24/a547052a1ab5496d8566241df25923d2.jpg" /> 

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
ÔÚuploadµÄÒ»¿ªÊ¼£¬¾Í½øÐÐÒ»´Îºó×ºÃûµÄ¼ì²é¡£ÆäÖÐis_imageÈçÏÂ£º

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 12pt;padding:0pt;text-align:left;">
function is_image($file) {    return preg_match("/^(jpg|jpeg|gif|png|bmp)$/i", file_ext($file));}

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
<img width="32" height="32" src="https://www.9kb.org/content/uploadfile/201809/24/646b950046bb418ab761eddc9648032a.png" /> 

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
ÔÚ__construct()µÄforeachÖÐÊ¹ÓÃÁËbreak£¬»ñÈ¡ÁËµÚÒ»¸öÎÄ¼þºó¾ÍÌø³öÑ»·¡£

<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
ÔÚis_allow()ÖÐÔö¼Ó¶Ô$this->savenameµÄ¶þ´Î¼ì²é¡£

<h1 style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:10.5pt 0pt 12pt;padding:0pt;">
×îºó
</h1>
<p style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-attachment:initial;background-origin:initial;background-clip:initial;margin:0pt 0pt 18pt;text-align:left;">
Âï£¬×£¸÷Î»´óÊ¦¸µÖÐÇï¿ìÀÖ£¡

Ò³: [1]

ÖÐ¹úÍøÂçÉøÍ¸²âÊÔÁªÃË's Archiver

Destoon cmsÇ°Ì¨getwebshell