野草weedcmsV5.2.1 任意删除文件漏洞
<p> member.php</p><p> if($action=='edit_member_ok'){ //member.php?action=edit_member_ok</p>
<p> check_request(); //检查来路</p>
<p> if(!check_login()){ //检测是否登录会员</p>
<p> message(array('text'=>$language['please_login'],'link'=>'member.php'));</p>
<p> }</p>
<p> ...省略一堆无关东西</p>
<p> $member_photo_delete=empty($_POST['member_photo_delete'])?'':trim($_POST['member_photo_delete']);</p>
<p> ..继续省略一堆无关东西</p>
<p> if(!empty($member_photo_delete)){</p>
<p> @unlink(ROOT_PATH."/uploads/".$member_photo_delete);</p>
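<p> //直接删除了：从所示代码看，$member_photo_delete 直接取自 $_POST，只经过 trim()，随后拼接到 ROOT_PATH."/uploads/" 之后交给 unlink()，</p>
<p> //既没有把路径限制在 uploads 目录内，也没有核对该文件是否为当前会员自己的头像；@ 还会屏蔽 unlink() 的报错，删除失败或异常不会留下提示。</p>
<p> //修复建议：不要使用客户端提交的文件名，改为从数据库中读取该会员记录的头像路径；至少应先用 basename() 取文件名，再用 realpath() 确认结果位于 uploads 目录下后才删除。</p>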