BIWEB门户版Getwebshell漏洞
简要描述: 厂商来不来? 详细说明: wap/detail.php(还有好几处,修复时请留意) if !empty$GET'mod' $strModuleID = strval$GET'mod'; //此处未过滤 includeonce'../'.$strModuleID.'/config/var.inc.php'; //包含需截断 $objWebInit-setDBG$arrGPdoDB; $objWebInit-db; $arrLink = 'mod=' . $strModuleID; else includeonce'include/title.php';...
