Shulou(Shulou.com)06/01 Report--

Program introduction: we unreservedly tell you that the Mymps Ant Classification Information system 5.6S multi-city version of the website source code + the new version of the mobile phone interface pure installation version, remove domain name restrictions, you can unlimited installation and use, no functional restrictions, personal testing to ensure stable operation. Some of the core files of this program are encrypted with zend, but it does not affect the use. If you can't install it, the reason is simply the server environment.

/ member/include/inc_shop.php

If ($if_corp = = 1) {

/ /?

If ($ac = = 'base') {

If (empty ($tname)) write_msg ('','? masked shoppers, typefaces, corps, errors, 39')

If (empty ($areaid)) write_msg ('','? masked shoppers, typefaces, corps, errors, 40')

$db-> query ("UPDATE `{$db_mymps} member` SET tname='$tname',catid='$catids',areaid='$areaid',introduce='$introduce',address='$address',busway='$busway',mappoint='$mappoint',msn='$msn',web='$web' $where AND if_corp ='1'")

Write_msg ('','? massively shopped, typewritten, corpsed 13')

} elseif ($ac = = 'template') {

If ($_ FILES [$name_file] ['name']) {

Require_once MYMPS_INC.'/upfile.fun.php'

$destination = "/ banner/" .date ('Ym'). "/"

$mymps_p_w_picpath = start_upload ($name_file,$destination,0,'','',$oldbanner,'')

The previous ac doesn't matter, it's just if judgment and then enter the operation. Let's mainly look at template here, get the uploaded content of $name_file and pass it to start_upload. Here, we can say that $oldbanner is controllable in passing parameters.

Take a look at the contents of the function

Function start_upload ($file_name, $destination_folder, $watermark = 0, $limit_width = "", $limit_height = "", $edit_filename = ", $edit_pre_filename =")

{

Global $mymps_global

Global $timestamp

If (! is_uploaded_file ($_ FILES [$file_name] ['tmp_name']))

{

Write_msg ("Please reselect the picture you want to upload!")

}

$file = $_ FILES [$file_name]

@ createdir (MYMPS_UPLOAD.$destination_folder)

$file_name = $file ['tmp_name']

$pinfo = pathinfo ($file ['name'])

$ftype = $pinfo ['extension']

$fname = $pinf [basename]

If (empty ($edit_filename) & & empty ($edit_pre_filename))

{

$destination_file = $timestamp.random (). ". $ftype

$destination = MYMPS_UPLOAD.$destination_folder.$destination_file

$small_destination = MYMPS_UPLOAD.$destination_folder. "pre_". $destination_file

}

Else

{

$destination = MYMPS_ROOT.$edit_filename

$small_destination = MYMPS_ROOT.$edit_pre_filename

$forbidarray = array (

MYMPS_ROOT. "/ p_w_picpaths/logo.gif"

MYMPS_ROOT. "/ p_w_picpaths/nopic.gif"

MYMPS_ROOT. "/ p_w_picpaths/nophoto.jpg"

MYMPS_ROOT. "/ p_w_picpaths/noavatar.gif"

MYMPS_ROOT. "/ p_w_picpaths/noavatar_small.gif"

);

If (! in_array ($destination, $forbidarray) | | $destination! = MYMPS_ROOT)

{

@ unlink ($destination)

}

If (! in_array ($small_destination, $forbidarray) | | $destination! = MYMPS_ROOT)

{

@ unlink ($small_destination)

}

Unset ($forbidarray)

}

If (file_exists ($destination))

{

Write_msg ("the picture with the same name already exists, please reselect the picture you want to upload!" );

}

If (! move_uploaded_file ($file_name, $destination))

{

Write_msg ("Picture upload failed, please re-select the picture you want to upload!" );

}

Look at here

$file = $_ FILES [$file_name]

@ createdir (MYMPS_UPLOAD.$destination_folder)

$file_name = $file ['tmp_name']

$pinfo = pathinfo ($file ['name'])

$ftype = $pinfo ['extension']

$fname = $pinf [basename]

First, get the contents of the file, and then get the file suffix and the file name.

{

$destination = MYMPS_ROOT.$edit_filename

$small_destination = MYMPS_ROOT.$edit_pre_filename

$forbidarray = array (

MYMPS_ROOT. "/ p_w_picpaths/logo.gif"

MYMPS_ROOT. "/ p_w_picpaths/nopic.gif"

MYMPS_ROOT. "/ p_w_picpaths/nophoto.jpg"

MYMPS_ROOT. "/ p_w_picpaths/noavatar.gif"

MYMPS_ROOT. "/ p_w_picpaths/noavatar_small.gif"

);

Here the edit and edit_pre reason is not empty, so enter the if for suffix and path stitching (there is no validity during the period)

If (file_exists ($destination))

{

Write_msg ("the picture with the same name already exists, please reselect the picture you want to upload!" );

}

If (! move_uploaded_file ($file_name, $destination))

{

Write_msg ("Picture upload failed, please re-select the picture you want to upload!" );

}

The next step is to determine whether there is the same name and upload it directly if it does not exist.

Local recurrence:

Old the file name we specified

But in my impression, I don't remember this loophole in ant classification. Take a look at it in all kinds of mood. Just look at one.

It is found that there will be a call to check_upp_w_picpath on everyone except ours to see what's going on.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.