Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

安全问题-命令执行漏洞 #26

Closed
ly55521 opened this issue Oct 11, 2018 · 0 comments
Closed

安全问题-命令执行漏洞 #26

ly55521 opened this issue Oct 11, 2018 · 0 comments

Comments

@ly55521
Copy link

ly55521 commented Oct 11, 2018

在exec.php中直接获取了command参数使用 popen函数导致命令执行。
$c = _GET('command', 'unknow');
$handle = popen($c, "r");

漏洞详情请参考: http://blog.51cto.com/010bjsoft/2298828

poc:
/exec.php?command=dir

@qoli qoli closed this as completed Oct 11, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants