最近看Cond0r牛那么努力 我也跟后面了
admin/任何文件.php
|
<?php
define('IN_OUN', true);
include_once( "includes/command.php"); |
再看 admin/includes/command.php
|
<?php
include_once( "../config.inc.php");
//省一段无用代码
include_once( ROOT_PATH."includes/language.php");
include_once( ROOT_PATH."includes/funcomm.php");
include_once( ROOT_PATH."class/mydb.php");
$oPub = new mydb($dbhost,$dbuser,$dbpw,$dbname);
$dbhost = $dbuser = $dbpw = $dbname = NULL;
foreach(array('_COOKIE', '_POST', '_GET') as $_request) {
foreach($$_request as $_key => $_value) {
$_key{0} != '_' && $$_key = daddslashes($_value);
}
}
//也是省一段.........
/* 通过用户输入的域名取得网站配置信息 */
$havedomin = FALSE;
$_SERVER["SERVER_NAME"] = ($_SERVER["SERVER_PORT"] != 80)?$_SERVER["SERVER_NAME"].':'.$_SERVER["SERVER_PORT"]:$_SERVER["SERVER_NAME"];
$db_table = $pre."sysconfig";
if($Aconf['allow_multi']){
$sql = "SELECT * FROM ".$pre."sysconfig WHERE main_domin='".$_SERVER["SERVER_NAME"]."' AND states <> 1 ORDER BY scid ASC LIMIT 1";
}else{
$sql = "SELECT * FROM ".$pre."sysconfig limit 1";
}
//pre没有这东西也不知道怎么出来的
$Anorm = $oPub->getRow($sql); |
文章作者
心灵
上次更新
2011-11-29
许可协议
Nuclear'Atk(核攻击)网络安全实验室版权所有,转载请注明出处。