标签:任意
-
boblog任意变量覆盖漏洞”
漏洞代码如下: // go.php $q_url=$_SERVER["REQUEST_URI"]; @list($relativePath, $rawURL)=@explode('/go.php/', $q_url); $rewritedURL=$rawURL; // 来自$_SERVER["REQUEST_URI"],可以任意提交的:) ... $RewriteRul...
-
野草weedcmsV5.2.1 任意删除文件漏洞”
member.php if($action=='edit_member_ok'){ //member.php?action=edit_member_ok check_request(); //检查来路 if(!check_login()){ //检测是否登录会员 message(array('text'=>$language['please_login'],'link'=>'member.php')); }...