Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

zb_system/function/lib/upload.php Detonating physical path #176

Closed
SameleTom opened this issue Feb 8, 2018 · 1 comment
Closed

zb_system/function/lib/upload.php Detonating physical path #176

SameleTom opened this issue Feb 8, 2018 · 1 comment
Labels
BUG

Comments

@SameleTom
Copy link

SameleTom commented Feb 8, 2018
edited
Loading

location: zb_system/function/lib/upload.php

Code:

class Upload extends Base {

Rows:8

Return error :

Fatal error: Class 'Base' not found in /www/wwwroot/zb_system/function/lib/upload.php on line 8

Harm:

Web site physical path leakage .

conditions for execution:

Normal access can

Edition:

Z-BlogPHP 1.5.1 Zero

Cause the cause :

Class 'Base' not found , Introducing an exception to cause path leakage

Poc:127.0.0.1/zb_system/function/lib/upload.php
@SameleTom SameleTom changed the title zb_system/function/lib/upload.php 爆物理路径 zb_system/function/lib/upload.php Detonating physical path Feb 8, 2018
@zsxsoft
Copy link
Contributor

zsxsoft commented Feb 8, 2018
edited
Loading

Thanks, we will fix it as soon as possible.

@zsxsoft zsxsoft added the BUG label Feb 8, 2018
@zsxsoft zsxsoft closed this as completed in 7f09eb1 Feb 8, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
BUG
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zsxsoft @SameleTom