Discuz 1.5 配合NGINX二次解析爆路径BUG

分类:安全 | 2011-09-1 | 撸过 67 次
1人扯谈

作者:晴天小铸

测试环境:discuz X1.5+nginx 1.0
漏洞文件source/function/function_core.php,代码:

$_G[‘setting’][‘domain’][‘app’][‘default’] && $content = preg_replace(“/webshell.cc/forum.php/admin.php’/DDDDDDD.php 就可以在底部看到一个爆出绝对路径的错误了

本站内容均为原创,转载请务必保留署名与链接!
Discuz 1.5 配合NGINX二次解析爆路径BUG:https://www.webshell.cc/1091.html

随机日志

  1. fghas fdjsakfh fdsaghjk djfhgjkd h kjdfhgjk hdf jdkfhg jkdhf jhfdjkg hjkd Discuz 1.5 配合NGINX二次解析爆路径BUG – WebShell’S Blog dfasdhfkja dfha skjfh saj dkjfsahkj h dsjkahf kj dskjafh kjash dsjhafkjlf dfjaslkj fjdkahslkj gdsfiuhgu wuierywe roeiutoie topiypotr yopitypoi wquiyerewui weuryuieyt fjgkdh hlkghl fdjsfk hj sdflkjgklsd hjk jskdfhjk sh klgjhkl jf skjdfh s kgjjhn d jksdhnfj jdfk ghfhf jdfkgh jk sdjfh jdfhjk dfh dfh Hollister http://fr-hollister.weebly.com/