Vulnerability offers: Firefox Technology Alliance - Saiy [www.wrsky.com]
*********************************************************************************
Vulnerability description: CTB writes user data (the post subject and the posting time) into a file without passing it through any data filtering, which leaves a hacker the possibility of writing a WebShell and damaging the server. (I am dizzy; I will use my 51 space to make an animation, so happy to touch ... 55555555)

Specific description: MODS/Post.php (I am reading in an Internet cafe, so which line it is on I really don't know.)

    $this->file = $this->set['DataPath']."/".$this->input['forumid']."/status.php";
    @$line = $this->get()
*********************************************************************************
Starting from January, our Firefox (http://www.wrsky.com) has found the third deadly loophole in BBS programs: from OFSTAR, to my discovery in Discuz! 2.5F, to this one in CTB. It is a certain fish again; I will write the text part and make an animation in a diskless-system Internet cafe. In the new year, I hope everyone can make even more improvements.
*********************************************************************************
Vulnerability exists in: the current latest CTB and all previous CTB versions.
Prerequisites: the section has at least one post that has never been deleted.
Test method: request http://<forum address>/Data/1/status.php, where 1 is section 1. Section 1 is entered at http://<forum address>/Index.php?mods=forumdisplay&ForumID=1; the file generated the last time section 1 was visited is http://<forum address>/Data/1/status.php, and so on for the other sections.
*********************************************************************************
Utilization: post a message with a PHP script in the subject, then access http://<forum address>/Data/<existing section number>/status.php.
*********************************************************************************
Vulnerability-use animation: http://evan52.51.net/test/ctb.zip or http://free3.e-168.cn/imaboy/ctb.zip
*********************************************************************************
Written in a hurry, so there must be a lot missing; please come to http://www.wrsky.com to advise a certain fish.
ps: I hate diskless-system Internet cafes; they are hateful.
*********************************************************************************
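The root cause described above is that a user-supplied subject is written verbatim into Data/<forumid>/status.php, a file that the web server later executes. The following is an added example written for this page, not code from CTB or from the advisory author; the function names, the status fields (subject, author, time) and the data directory layout are assumptions. It shows the cache being written as a PHP literal with var_export, so any PHP tags in a subject are stored as string data rather than code, and the forum id being validated before it is used in a path.

```php
<?php
// Hypothetical hardened writer for a CTB-style Data/<forumid>/status.php cache.
// Assumption: the cache holds the last post's subject, author and posting time.

function write_status_file(string $dataPath, $forumId, array $status): void
{
    // Only accept a numeric forum id so the path cannot be steered elsewhere.
    if (!ctype_digit((string)$forumId)) {
        throw new InvalidArgumentException('forumid must be numeric');
    }
    $dir = rtrim($dataPath, '/') . '/' . $forumId;
    if (!is_dir($dir) && !mkdir($dir, 0750, true)) {
        throw new RuntimeException("cannot create $dir");
    }

    // var_export turns every value into a PHP literal. A subject such as
    // "<?php echo 'injected'; ?>" becomes the string literal
    // '<?php echo \'injected\'; ?>' and stays data when the file is include()d;
    // the original bug pasted the raw subject into the file, so it became code.
    $body = "<?php\nreturn " . var_export($status, true) . ";\n";

    // Write to a temp file and rename so readers never see a half-written cache.
    $tmp = $dir . '/status.php.' . getmypid() . '.tmp';
    file_put_contents($tmp, $body, LOCK_EX);
    rename($tmp, $dir . '/status.php');
}

function read_status_file(string $dataPath, $forumId): array
{
    $file = rtrim($dataPath, '/') . '/' . (int)$forumId . '/status.php';
    $status = is_file($file) ? include $file : [];
    return is_array($status) ? $status : [];
}

// Constructed sample: the kind of subject used to probe the original bug.
$dataPath = sys_get_temp_dir() . '/ctbdata';
$sample = ['subject' => "<?php echo 'injected'; ?>", 'author' => 'tester', 'time' => time()];
write_status_file($dataPath, 1, $sample);

$back = read_status_file($dataPath, 1);
assert($back['subject'] === $sample['subject']); // round-trips unchanged, as data

// Escape on output too, so the subject cannot inject HTML/JS into the page.
echo htmlspecialchars($back['subject'], ENT_QUOTES, 'UTF-8'), "\n";
```

With this layout a direct request for Data/1/status.php only executes a bare `return` statement and produces no output, which is the symptom the advisory's test method looks for. Keeping the Data directory outside the document root, or denying web access to it in the server configuration, removes that exposure entirely and is worth doing in addition to escaping.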