QiboCMS V7 do/job.php Arbitrary File Download Vulnerability

Published: 2025-04-13
Revised: 2025-04-13

1. Vulnerability Analysis

/inc/job/download.php

```php
// $url is supplied by the caller (defined outside this excerpt); it arrives
// base64-encoded and is decoded without any further normalisation.
$url=trim(base64_decode($url));
// Only the site's own URL prefix is stripped; the remaining path is used as given.
$fileurl=str_replace($webdb[www_url],"",$url);
// The only name-based refusal: anything containing ".php" that exists on disk.
if( eregi(".php",$fileurl) && is_file(ROOT_PATH."$fileurl") ){
    die("ERR");
}
if(!$webdb[DownLoad_readfile]){
    $fileurl=strstr($url,"://")?$url:tempdir($fileurl);
    header("location:$fileurl");
    exit;
}
// Configured extension list is space-separated; turned into a regex alternation.
$webdb[upfileType] = str_replace(' ','|',$webdb[upfileType]);
// Extension check on the raw path; nothing verifies that $fileurl stays under a
// designated download directory.
if( $webdb[local_download] && is_file(ROOT_PATH.$fileurl) && eregi("($webdb[upfileType])$",$fileurl) ){
    $filename=basename($fileurl);
    $filetype=substr(strrchr($filename,'.'),1);
    $_filename=preg_replace("/([\d]+)_(200[\d]+)_([^_]+)\.([^\.]+)/is","\\3",$filename);
    if(eregi("^([a-z0-9=]+)$",$_filename)&&!eregi("(jpg|gif|png)$",$filename)){
        $filename=urldecode(base64_decode($_filename)).".$filetype";
    }
    ob_end_clean();
    header('Last-Modified: '.gmdate('D, d M Y H:i:s',time()).' GMT');
    header('Pragma: no-cache');
    header('Content-Encoding: none');
    header('Content-Disposition: attachment; filename='.$filename);
    ...
```
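As an added example (not QiboCMS code), a hardened version of the path handling above: it canonicalises the requested path with realpath() and requires it to sit inside a single download directory under ROOT_PATH, and anchors the extension whitelist. The request parameter name `url` and the `uploads/` directory are assumptions; `$webdb` and `ROOT_PATH` are used as in the excerpt.

```php
<?php
// Added example, not QiboCMS code. Returns the canonical on-disk path of a
// downloadable file, or null when the request must be refused.
// Assumed: ROOT_PATH ends with '/', and only files under 'uploads/' may be served.
function safe_download_path($encodedUrl, array $webdb, $rootPath, $uploadDir = 'uploads/')
{
    $url = trim((string) base64_decode($encodedUrl, true));  // strict decoding
    if ($url === '') {
        return null;
    }
    // Strip the site's own URL prefix as the original does, then reject anything
    // that is still absolute, carries a scheme, or uses backslash separators.
    $fileurl = str_replace($webdb['www_url'], '', $url);
    if (preg_match('#^[a-z][a-z0-9+.-]*://#i', $fileurl)
        || substr($fileurl, 0, 1) === '/'
        || strpos($fileurl, '\\') !== false) {
        return null;
    }
    // Extension whitelist built from the configured list, compared exactly
    // (lower-cased) instead of via an unanchored regex on the raw path.
    $types = array_map('strtolower', array_filter(preg_split('/[\s|]+/', $webdb['upfileType'])));
    $ext = strtolower(pathinfo($fileurl, PATHINFO_EXTENSION));
    if ($ext === '' || !in_array($ext, $types, true)) {
        return null;
    }
    // Canonicalise both sides; realpath() resolves '..' and symlinks.
    $base = realpath($rootPath . $uploadDir);
    $real = realpath($rootPath . $fileurl);
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $base, strlen($base)) !== 0) {
        return null;  // resolved target lies outside the download directory
    }
    return $real;
}

// Usage mirroring the original handler ('url' parameter name is assumed).
$real = safe_download_path(isset($_GET['url']) ? $_GET['url'] : '', $webdb, ROOT_PATH);
if ($real === null) {
    die('ERR');
}
// Serve the canonical path, never the user-supplied one; quote the filename
// and drop characters that could break the header value.
$filename = str_replace(array('"', "\r", "\n"), '', basename($real));
ob_end_clean();
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $filename . '"');
readfile($real);
```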

No Exp or PoC is currently available.
There are currently 0 affected product records.