VULHUB ™

DeluxeBB是一款基于PHP的论坛程序。 通过$REQUEST_URI注入并执行任意PHP代码。以下是有漏洞的代码段： 29.if($settings['cplog']==1 || $logs==1) { 30.$time = time(); 31.$dir = $settings['logpath']; 32.@chmod($dir.'/cp.php', 0777); 33.$string = $_COOKIE['membercookie'].""|##|$ip|##|$time|##|$REQUEST_URI\n""; 34.$filehandle=@fopen($dir.'/cp.php',""a""); 35.if(!$filehandle) { 36.message($lang_wrongfilepermission, $lang_plschmod); 37.} 38.@flock($filehandle, 2); 39.@fwrite($filehandle, $string); 40.@fclose($filehandle); 41.}"

DeluxeBB是一款基于PHP的论坛程序。 通过$REQUEST_URI注入并执行任意PHP代码。以下是有漏洞的代码段： 29.if($settings['cplog']==1 || $logs==1) { 30.$time = time(); 31.$dir = $settings['logpath']; 32.@chmod($dir.'/cp.php', 0777); 33.$string = $_COOKIE['membercookie'].""|##|$ip|##|$time|##|$REQUEST_URI\n""; 34.$filehandle=@fopen($dir.'/cp.php',""a""); 35.if(!$filehandle) { 36.message($lang_wrongfilepermission, $lang_plschmod); 37.} 38.@flock($filehandle, 2); 39.@fwrite($filehandle, $string); 40.@fclose($filehandle); 41.}"