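A Korean CMS with multiple vulnerabilities: remote file inclusion, injection, file disclosure, upload
Source: 0x50sec.org
Found by accident. Name unknown, version unknown, and a pile of problems.
Google Dork: inurl:bbs_sun/board.php
The contents of board.php are as follows: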
————————–
<?
// $pgUp is only appended to (.=) and never initialised in this file
if(!$admin) $pgUp .= "../";
else if($admin=='N') $pgUp .= "";
include $pgUp."inc/dbconn.php";
include $pgUp."bbs_sun/config.php";
?>
<link href="<?=$skinSrc?>/style.css" rel="stylesheet" type="text/css">
<?
// $mode and $skinSrc are not assigned anywhere in this file
if($mode == "list") include ($skinSrc."/list.php");
else if($mode == "write" || $mode == "modify" || $mode == "reply") include ($skinSrc."/write.php");
else if($mode == "view") include ($skinSrc."/view.php");
else if($mode == "delete" || $mode == "ment_delete") include ($skinSrc."/delete.php");
?>
————————–
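
A hardened form of the same dispatch logic, as an added example that is not part of the original post or the CMS's own code. It assumes board.php sits in bbs_sun/ next to inc/, that skins live under bbs_sun/skin/, and that mode arrives in the query string; the skin directory layout, $allowedSkins and $skinName are hypothetical.

```php
<?php
// Added example: hardened rewrite of the board.php dispatch shown above.
// Assumptions (not from the original page): board.php lives in bbs_sun/,
// inc/ is a sibling directory, and skins live in bbs_sun/skin/<name>/.

// Fixed base path: no request-influenced prefix such as $pgUp.
$baseDir = dirname(__DIR__);
require $baseDir . '/inc/dbconn.php';
require $baseDir . '/bbs_sun/config.php';

// Skin name is chosen server-side and checked against an allowlist.
$allowedSkins = ['default'];   // hypothetical skin names
$skinName     = 'default';     // hypothetical: never read from the request
if (!in_array($skinName, $allowedSkins, true)) {
    http_response_code(500);
    exit('Invalid skin configuration');
}

// Resolve the skin directory and confirm it stays under the skin root.
$skinRoot = realpath($baseDir . '/bbs_sun/skin');
$skinDir  = ($skinRoot === false) ? false : realpath($skinRoot . '/' . $skinName);
if ($skinDir === false || strpos($skinDir, $skinRoot . DIRECTORY_SEPARATOR) !== 0) {
    http_response_code(500);
    exit('Skin directory not found');
}

// Each accepted mode maps to exactly one template file.
$templates = [
    'list' => 'list.php', 'view' => 'view.php',
    'write' => 'write.php', 'modify' => 'write.php', 'reply' => 'write.php',
    'delete' => 'delete.php', 'ment_delete' => 'delete.php',
];

// Read mode explicitly (assumed query-string parameter); reject anything else.
$mode = (isset($_GET['mode']) && is_string($_GET['mode'])) ? $_GET['mode'] : '';
if (!isset($templates[$mode])) {
    http_response_code(400);
    exit('Unknown mode');
}

$skinUrl = 'skin/' . rawurlencode($skinName);
?>
<link href="<?= htmlspecialchars($skinUrl, ENT_QUOTES, 'UTF-8') ?>/style.css" rel="stylesheet" type="text/css">
<?php
require $skinDir . '/' . $templates[$mode];
```

Setting `allow_url_include = Off` in php.ini blocks URL-based includes even where a path check is missed. `register_globals` no longer exists from PHP 5.4 onward.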