DEDECMS跨站及爆绝对路径漏洞
泄露绝对路径漏洞 member/company.php member/job.php 然后是跨站,这个得YY一下: 漏洞文件:include/jump.php 以下是漏洞代码: ?php if!empty$GET'gurl' echo "scriptlocation="$GET'gurl'";/script"; ? DEDECMS 5 暂无 http://www.dedecms.com 提交:http://127.0.0.1/dc/include/jump.php?gurl=http://00day.cn 会跳转到http://00day.cn...