### 简要描述:
PHPSHE B2C商城系统 v1.2(build 20140519 UTF8)
看到更新了 下一个下来看看。
我擦 敢判断一下lock吗?
### 详细说明:
在install/index.php
```
error_reporting(E_ALL ^ E_NOTICE);
date_default_timezone_set('PRC');
header('Content-Type: text/html; charset=utf-8');
//改写不安全的register_global和防sql注入处理
if (@ini_get('register_globals')) {
foreach($_REQUEST as $name => $value){unset($$name);}
}
$pe['host_root'] = 'http://'.str_ireplace(rtrim(str_replace('\\','/',$_SERVER['DOCUMENT_ROOT']), '/'), $_SERVER['HTTP_HOST'], str_replace('\\', '/', dirname(__FILE__))).'/../';
$pe['path_root'] = str_replace('\\','/',dirname(__FILE__)).'/../';
include("{$pe['path_root']}/include/class/cache.class.php");
include("{$pe['path_root']}/include/function/global.func.php");
if (get_magic_quotes_gpc()) {
!empty($_GET) && extract(pe_trim(pe_stripslashes($_GET)), EXTR_PREFIX_ALL, '_g');
!empty($_POST) && extract(pe_trim(pe_stripslashes($_POST)), EXTR_PREFIX_ALL, '_p');
}
else {
!empty($_GET) && extract(pe_trim($_GET),EXTR_PREFIX_ALL,'_g');
!empty($_POST) && extract(pe_trim($_POST),EXTR_PREFIX_ALL,'_p');
}
switch ($_g_step) {
//#####################@ 配置信息 @#####################//
case 'setting':
if (isset($_p_pesubmit)) {
```
没有判断lock 。。可以直接重装。
轻松Getshell。
### 漏洞证明:
[<img src="https://images.seebug.org/upload/201405/23203455445eaca283f1298bd2649235c4a90f94.jpg" alt="ps1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201405/23203455445eaca283f1298bd2649235c4a90f94.jpg)
京公网安备 11010502034610号
暂无评论