WooYun.org

<?php
/* 名站模块 */
/* 162100源码 - 162100.com */
@ require ('set/set.php');
@ require ('set/set_sql.php');
@ require ('set/set_area.php');
if (!function_exists('get_m')) {
  function get_m($v) {
    global $web, $n;
    $text = '';
    if ($web['link_type'] == 1) {
      //$link = '"export.php?url=".urlencode($h[0]).""';
      $link = '"".($h[3] == "js" ? $h[0] : "export.php?url=".urlencode($h[0])).""';
    } else {
      $link = '"".($h[3] == "js" ? "export.php?url=".urlencode($h[0]) : $h[0]).""';
    }
    if ($v = trim($v)) {
          $total_arr = @explode("\n", $v);
      $n = count($total_arr);
          if ($n > 0) {
        $text .= '<div id="mingz_">';
        foreach ($total_arr as $each) {
          $h = @explode("|", trim($each));
          $text .= '<span><a onclick="addM(this)" href="'.eval('return '.$link.';').'"'.($h[2] != '' ? ' class="'.$h[2].'"' : '').'>'.$h[1].'</a></span>';
        }
        $text .= '</div>';
          }
    }
    return $text;
  }
}
$_GET['run'] = (string)$_GET['run'];
if ($_GET['run'] == 'collection') {
  $title = '自定义网址';
  $require = 'collection';
} elseif ($_GET['run'] == 'notepad') {
  $title = '记事本';
  $require = 'notepad';
} elseif ($_GET['run'] == 'search_site') {
  $title = '站内搜索';
  $require = 'search_site';
} else {
  if (array_key_exists($_GET['run'], $web['area']['mingz'])) {
    $title = $web['area']['mingz'][$_GET['run']][0];
    $text = '';
    $n = 0;
    if (!isset($sql['db_err'])) {
      db_conn();
    }
    if ($sql['db_err'] == '') {
        echo 'SELECT class_title,http_name_style,class_priority FROM `'.$sql['pref'].'162100` WHERE column_id="mingz" AND class_id="'.$_GET['run'].'" AND detail_title="" LIMIT 1', $db;
      $result = @mysql_query('SELECT class_title,http_name_style,class_priority FROM `'.$sql['pref'].'162100` WHERE column_id="mingz" AND class_id="'.$_GET['run'].'" AND detail_title="" LIMIT 1', $db);
      if ($row = @mysql_fetch_assoc($result)) {
        
        $text .= (preg_replace('/<style.+<\/style>/isU', '', trim($row['class_priority'])) != '' ? '<style type="text/css">
<!--
.class_priority {}
-->
</style><div class="class_priority">'.$row['class_priority'].'</div>' : $row['class_priority']).''.get_m($row['http_name_style']).'';
      } else {
        $err = '数据为空或读取失败！';
      }
      @mysql_free_result($result);
    } else {
      $err = $sql['db_err'];
    }
    @mysql_close();
  } else {
    $title = '参数出错！';
  }
}
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Page-Enter" content="blendTrans(Duration=1)" />
<meta http-equiv="Page-Exit" content="blendTrans(Duration=1)" />
<title><?php echo $title.' - '.$web['sitename2'], $web['code_author']; ?></title>
<base target="_blank" />
<link href="inc/css/css_base.css" rel="stylesheet" type="text/css">
<link href="inc/css/style/color_<?php echo preg_replace('/_\d+$/', '', $web['cssfile']); ?>/css.css" rel="stylesheet" type="text/css" id="my_style_color">
<link href="inc/css/style/bj_<?php echo $web['cssfile']; ?>/css.css" rel="stylesheet" type="text/css" id="my_style_bj">
<style type="text/css">
<!--
body { width:720px; background-color:transparent; background-image:none; }
-->
</style>
<script type="text/javascript" language="javaScript" src="inc/js/main.js"></script>
<script language="javascript" type="text/javascript">
<!--
//调出用户信息弹窗
window.onload=function(){
  document.body.style.backgroundColor='#FFFFFF';
  try {
    parent.document.getElementById('t1Frame').height=document.body.offsetHeight;
  }catch(e){
  }
}
//-->
</script>
</head>
<body>
<?php
//<!-- require -->
if (isset($require)) {
  @ require ('inc/run/get_mingz_'.$require.'.php');//此处是个本地包含漏洞。
} else {
  echo $text, $err;
}
//<!-- /require -->
?>
</body>
</html>