After downloading the source files, we can find the file PbootCMSDoc.CHM in the absolute directory. PbootCMSDoc.CHM is a development manual.
This means that we can use PHP code in the IF label {pboot:if(php code)}{/pboot:if}.
Vulnerable file: \apps\home\controller\ParserController.php. The IF label code is at lines 1273-1300.
The eval() call can execute the PHP code passed through the IF label {pboot:if(php code)}{/pboot:if}.
The function parserIfLabel() applies no filter function before using eval().
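One way to close the gap described above, as an added example that is not PbootCMS code: evaluate the IF-label condition with a small allowlist parser instead of handing it to eval(). The helper names and the accepted grammar (comparisons of numeric or quoted-string literals joined by && and ||) are assumptions.

```php
<?php
// Added example, not PbootCMS code. evalIfCondition() is a hypothetical
// helper that evaluates an IF-label condition without calling eval().
// Assumed grammar: comparisons of numeric or quoted-string literals,
// joined by && and ||. Any other input is rejected, never executed.

function literalValue(string $tok)
{
    // Numeric literal becomes int/float; quoted literal loses its quotes.
    return is_numeric($tok) ? $tok + 0 : substr($tok, 1, -1);
}

function compareLiterals($a, string $op, $b): bool
{
    switch ($op) {
        case '==': return $a == $b;
        case '!=': return $a != $b;
        case '<':  return $a < $b;
        case '>':  return $a > $b;
        case '<=': return $a <= $b;
        default:   return $a >= $b; // '>=' is the only operator left
    }
}

function evalIfCondition(string $cond): bool
{
    // A literal is a number or a quoted string with no backslash inside.
    $lit  = '(-?\d+(?:\.\d+)?|\'[^\'\\\\]*\'|"[^"\\\\]*")';
    $term = '/\G\s*' . $lit . '\s*(==|!=|<=|>=|<|>)\s*' . $lit . '\s*(&&|\|\||\z)/';
    $pos = 0; $result = false; $group = true;
    do {
        if (!preg_match($term, $cond, $m, 0, $pos)) {
            throw new InvalidArgumentException('IF condition rejected');
        }
        $pos += strlen($m[0]);
        $group = $group && compareLiterals(literalValue($m[1]), $m[2], literalValue($m[3]));
        if ($m[4] !== '&&') { // '||' or end of input closes an AND group
            $result = $result || $group;
            $group = true;
        }
    } while ($m[4] !== '');
    return $result;
}

// Constructed inputs: one ordinary condition, one carrying a function call.
foreach (["1==1 && 'a'!='b'", "some_function()"] as $c) {
    try { echo $c, ' => ', var_export(evalIfCondition($c), true), "\n"; }
    catch (InvalidArgumentException $e) { echo $c, ' => ', $e->getMessage(), "\n"; }
}
```

The first input evaluates to true; the second is rejected because a function call is not part of the allowed grammar.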
So one more thing is to find a place to use the IF label {pboot:if(php code)}{/pboot:if}. We found two sites which insert the PHP code.