ABCMS新闻发布系统漏洞

// APP/Controller/Admincp.php    
function actionliulan()
        {
            //管理员资料
            $nowindex = $_GET['page'] ? $_GET['page'] :1;
            //获取数据查询时从第几条开始取数据
            $page = $_GET['page'] ? ($_GET['page']-1)*6 : 0;
            //查询数据
            $liulan = $this->admin->findAll('','id desc',array(6,$page));
            //var_dump($liulan);exit;
            //查询记录总数
            $count = $this->admin->findCount();
            //实例化PAGE  NOWINDEX当前页数
            $page= new page(array('total'=>$conut,'perpage'=>6,'nowindex'=>$nowindex));
            //页面总数
            $page->totalpage = ceil($count/6);
            //分页连接地址
            $page->url = "index.php?controller=Admincp&action=liulan&page=";
            $fy=$page->show(1);
            //var_dump($liulan);
            $this->smarty->assign('liulan',$liulan);
            $this->smarty->assign('page',$fy);
            $this->smarty->display("./admin_back/adminliulan.html");
        } 

很美丽的函数。但是在调用时权限验证出了问题。导致了国际问题。
 

利用方法：

http://127.0.0.1/index.php?controller=Admincp&action=liulan&page=1