This article is a mirror article of machine translation, please click here to jump to the original article.

Architect_Programmer_Code Agriculture Network»Architect Other Technologies Safe offense and defense A serious vulnerability in the Discuz Anmi app led to the leakage of database information ...
View: 18076|Reply: 2

[Security Vulnerability] A critical vulnerability in the Discuz app led to the leakage of database information

[Copy link]
Posted on 4/15/2015 10:40:57 PM | | |

Open the link, you can see Anmi's database information, all installed as long as you replace the above link with your own address, you can see your own database information.

The following is the plan given by Anmi
1. Open mobcent/app/components/Mobcent.php
2. Put 25 rows

define('MOBCENT_HACKER_UID', true);

Modified to

define('MOBCENT_HACKER_UID', false);

Here are the temporary solutions:
Open mobcent/app/controllers/TestController.php. Comment lines 33 and 38.
That is, amend to:
public function actionPhpInfo() {
//phpinfo();
}

public function actionConfig() {
echo '<pre>';
// print_r(Yii::app());
echo '</pre>';
}






Previous:The 2012 professional course clearance arrangement of the School of Computer Science
Next:Perfect solution to the problem of slow Google fonts in WordPress links

Related Posts
Posted on 6/27/2018 10:13:23 AM |
I just want to do marketing and this
Posted on 6/27/2018 6:02:45 PM |
/(ㄒoㄒ)/~~
Disclaimer:
All software, programming materials or articles published by Code Farmer Network are only for learning and research purposes; The above content shall not be used for commercial or illegal purposes, otherwise, users shall bear all consequences. The information on this site comes from the Internet, and copyright disputes have nothing to do with this site. You must completely delete the above content from your computer within 24 hours of downloading. If you like the program, please support genuine software, purchase registration, and get better genuine services. If there is any infringement, please contact us by email.
Mail To:help@itsvse.com