WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online browsing ------------- http://drop.zone.ci/
2013-01-21: Details sent to the vendor, awaiting the vendor's handling
2013-01-21: Vendor has confirmed; details disclosed to the vendor only
2013-01-31: Details disclosed to core white hats and experts in the relevant field
2013-02-10: Details disclosed to regular white hats
2013-02-20: Details disclosed to intern white hats
2013-03-07: Details disclosed to the public

Arbitrary file upload on a 爱爱医 (iiyi) sub-site: the restriction on uploaded file types is lax.
<?php
error_reporting(E_ALL);
/* The group permission check is commented out in the original, so the page
   is reachable by any visitor:
require_once './include/common.inc.php';
if (!in_array($groupid, array(1,2,40,44,36,33,45,30,27,3))) {
    showmessage('group_nopermission', NULL, 'NOPERM');
}
*/
set_time_limit(0);

// Random suffix appended to the stored filename (mt_rand is not a CSPRNG).
function genPassword($min = 5, $max = 8)
{
    $validchars = "abcdefghijklmnopqrstuvwxyz123456789";
    $max_char   = strlen($validchars) - 1;
    $length     = mt_rand($min, $max);
    $password   = "";
    for ($i = 0; $i < $length; $i++) {
        $password .= $validchars[mt_rand(0, $max_char)];
    }
    return $password;
}
?>
<html>
<head>
<title>论坛调用图片FLASH专用通道</title>
<meta HTTP-EQUIV=Content-Type content="text/html; charset=gb2312">
<style>body {margin-right:40%}</style>
</head>
<body>
<br><br><br><br>
<a href="http://w2tools.iiyibbs.com/bbs/uploadimg/" target="_blank">图片FLASH浏览</a>
<?php
if (!empty($_GET['action']) && $_GET['action'] == 'upfile') {
    $name = $_POST['name'];
    // The "extension" is just the last four characters of the client-supplied
    // filename (five if they contain "jpeg"); it is never compared to an allowlist.
    $ext = substr($_FILES['photo']['name'], -4);
    if (preg_match('/jpeg/i', $ext)) {
        $ext = substr($_FILES['photo']['name'], -5);
    }
    // The file is stored under a web-accessible directory with that extension kept.
    $target_path = 'uploadimg/z' . time() . genPassword() . $ext;
    //copy($_FILES['photo']['tmp_name'], $target_path);
    move_uploaded_file($_FILES['photo']['tmp_name'], $target_path);
    if (file_exists($target_path)) {
        echo $name . '<font color="green">上传成功</font><a href=upimg.php>继续上传</a><br>';
?>
<script>
function oCopy(obj) {
    obj.select();
    js = obj.createTextRange();
    js.execCommand("Copy");
}
</script>
点击即可复制
<input class="input" onclick="oCopy(this)" value="http://w2tools.iiyibbs.com/bbs/<?php echo $target_path ?>" size="70"><br /><br /><br />
<img src="http://w2tools.iiyibbs.com/bbs/<?php echo $target_path ?>">
<?php
    } else {
        echo '<font color="red">上传失败</font>';
    }
    exit;
}
?>
<form action="upimg.php?action=upfile" method="post" name="UForm" enctype="multipart/form-data">
<fieldset>
<!-- Legend text: "File upload (only FLASH, images, audio and video; no larger than 16M)" -->
<legend>文件上传(仅支持FLASH和图片以及音频视频格式不大于16M)</legend>
<ul>
<li>图片或者FLASH<input type="file" name="photo"></li>
<li>说明<input type="text" name="name"></li>
<li><button type="submit">上传</button></li>
</ul>
</fieldset>
</form>
</body>
</html>
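As an added example (not the site's upimg.php and not code from the original report), here is a hardened form of the same upload branch, narrowed to image files for simplicity: the extension comes from pathinfo() and must be in an allowlist, the stored bytes are checked with the fileinfo extension, and the stored name contains no client input. It assumes PHP 7.1+ with fileinfo loaded, an uploadimg directory next to the script, and a web server configured not to execute scripts from that directory.

```php
<?php
// Added example, not the site's code: hardened replacement for the upload
// branch of upimg.php. Assumes PHP 7.1+ with the fileinfo extension and an
// upload directory the web server does not execute scripts from.
declare(strict_types=1);

// Allowlist of extension => MIME type the file content must really have.
// Any other extension (php, phtml, htaccess, ...) is rejected before storage.
const ALLOWED_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];
const MAX_BYTES  = 16 * 1024 * 1024;        // the 16M limit the form promises
const UPLOAD_DIR = __DIR__ . '/uploadimg';  // assumed path, as in the original

// Returns [true, stored path] or [false, reason].
function storeUpload(array $file): array
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return [false, 'upload rejected by PHP'];
    }
    if ($file['size'] > MAX_BYTES) {
        return [false, 'file too large'];
    }
    // pathinfo() takes the real trailing extension, unlike substr(-4), so
    // "page.php" yields "php", which is not in the allowlist.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        return [false, 'extension not allowed'];
    }
    // Check the bytes on disk, not the client-supplied name or $file['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        return [false, 'content does not match extension'];
    }
    // Stored name contains no client input; random_bytes() is unpredictable,
    // unlike the time() + mt_rand() name used in the original.
    $target = UPLOAD_DIR . '/z' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        return [false, 'could not store file'];
    }
    return [true, $target];
}

if (($_GET['action'] ?? '') === 'upfile' && isset($_FILES['photo'])) {
    [$ok, $result] = storeUpload($_FILES['photo']);
    echo $ok ? 'upload ok' : htmlspecialchars($result, ENT_QUOTES, 'UTF-8');
}
```

The allowlist check and the content check are independent: a file named photo.png whose bytes are not a PNG is rejected by the second check even though the first passes.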
I'd like to ask: was that "only FLASH-type files allowed" text above written just for fun, dear?
Not telling you.
Severity level: High
Vulnerability Rank: 10
Confirmed at: 2013-01-21 17:23
Thanks.
None yet.