最近看 Cond0r 牛那么努力，我也跟在后面了。

admin/任何文件.php

<?php       
// Entry stub that the write-up attributes to every script under admin/:
// it defines the IN_OUN constant and then loads the shared bootstrap.
// NOTE(review): IN_OUN is presumably a direct-access guard checked by the
// included files; no such check is visible in this excerpt, so confirm it.
define('IN_OUN', true);
// Relative include: every admin page therefore runs the request-import loop
// and the site-config query shown in includes/command.php.
include_once( "includes/command.php");

再看 admin/includes/command.php

<?php
// Shared admin bootstrap (excerpt; the write-up author omitted parts of the file).
// Visible steps: load config and helpers, open the database handle, copy request
// parameters into global variables, then load one row from the sysconfig table.
include_once( "../config.inc.php");
// (write-up author: a section of irrelevant code is omitted here)
include_once( ROOT_PATH."includes/language.php");
include_once( ROOT_PATH."includes/funcomm.php");
include_once( ROOT_PATH."class/mydb.php");
$oPub = new mydb($dbhost,$dbuser,$dbpw,$dbname);
// Credentials are cleared once the connection object exists.
$dbhost = $dbuser = $dbpw = $dbname = NULL;

// register_globals emulation: for $_COOKIE, then $_POST, then $_GET, every key
// that does not start with '_' becomes a global variable of the same name
// (later sources overwrite earlier ones). The assignment is unconditional, so:
//   - any global already set above this loop can be replaced by a request value;
//   - any variable first read below without being initialised takes its value
//     from the request.
// daddslashes() is defined elsewhere; presumably it backslash-escapes quotes.
// Verify this, and note that quote escaping does not protect values that are
// concatenated into SQL outside a quoted literal.
// Mitigation: read only the expected keys explicitly and initialise every
// variable after this point, or remove the loop.
// The $_key{0} offset syntax was deprecated in PHP 7.4 and removed in PHP 8.0.
foreach(array('_COOKIE', '_POST', '_GET') as $_request) {
        foreach($$_request as $_key => $_value) {
                $_key{0} != '_' && $$_key = daddslashes($_value);
        }
}
// (write-up author: another section is omitted here)


/* Fetch the site configuration using the domain name supplied by the user */
$havedomin = FALSE;
// Appends ":port" to SERVER_NAME when the port is not 80.
// NOTE(review): depending on web-server configuration, SERVER_NAME may be
// derived from the client's Host header. It is placed inside a quoted SQL
// literal below with no escaping visible in this excerpt.
$_SERVER["SERVER_NAME"] = ($_SERVER["SERVER_PORT"] != 80)?$_SERVER["SERVER_NAME"].':'.$_SERVER["SERVER_PORT"]:$_SERVER["SERVER_NAME"];
// $pre (table prefix) has no visible assignment in this excerpt. If neither
// config.inc.php nor the omitted code sets it after the import loop, its value
// comes from the request. It is concatenated into the table name, outside any
// quotes, so escaping quotes does not constrain it.
// Mitigation: assign the prefix from trusted configuration after the import
// loop (or use a constant) and restrict it to [A-Za-z0-9_].
// $db_table is assigned here but not used in the visible lines.
$db_table = $pre."sysconfig";
// NOTE(review): $Aconf is not defined in the visible excerpt; confirm it is set
// by trusted code and cannot be supplied through the import loop above.
if($Aconf['allow_multi']){
        // Multi-site mode: select the config row whose main_domin matches SERVER_NAME.
        // The query is built by string concatenation; prefer a bound parameter for the value.
        $sql = "SELECT * FROM ".$pre."sysconfig WHERE main_domin='".$_SERVER["SERVER_NAME"]."' AND states <> 1 ORDER BY scid ASC LIMIT 1";
}else{
        // Single-site mode: take the first sysconfig row.
        $sql = "SELECT * FROM ".$pre."sysconfig limit 1";
}
// (write-up author: $pre is not defined anywhere visible and it is unclear where it comes from)
$Anorm = $oPub->getRow($sql);

行业之星 0.87 注入漏洞

行业之星 0.87 注入漏洞