VULHUB ™

rgboard是韩国的一款php论坛 这是一个标准的逻辑漏洞 spam_img.php代码如下 $schk_code = $_SESSION["schk_".$chk_code]; if(preg_match('/^[0-9]/',$schk_code[$ord])) { // ???? $file='images_spam/'.$schk_code[$ord].".gif"; } else if(preg_match('/^[a-z]/',$schk_code[$ord])) { // ?????? $file='images_spam/'.$schk_code[$ord]."1.gif"; } else if(preg_match('/^[A-Z]/',$schk_code[$ord])) { // ?????? $file='images_spam/'.$schk_code[$ord]."2.gif"; } //没有exit header ("Cache-Control: no-cache, must-revalidate"); header ("Pragma: no-cache"); $LastModified = gmdate("D d M Y H:i:s", time()); header("Last-Modified: $LastModified GMT"); header("ETag: \"$LastModified\""); download_file($file,'-','application/octet-stream'); rgboard <=4.2.0 暂无 sebug.net

rgboard是韩国的一款php论坛 这是一个标准的逻辑漏洞 spam_img.php代码如下 $schk_code = $_SESSION["schk_".$chk_code]; if(preg_match('/^[0-9]/',$schk_code[$ord])) { // ???? $file='images_spam/'.$schk_code[$ord].".gif"; } else if(preg_match('/^[a-z]/',$schk_code[$ord])) { // ?????? $file='images_spam/'.$schk_code[$ord]."1.gif"; } else if(preg_match('/^[A-Z]/',$schk_code[$ord])) { // ?????? $file='images_spam/'.$schk_code[$ord]."2.gif"; } //没有exit header ("Cache-Control: no-cache, must-revalidate"); header ("Pragma: no-cache"); $LastModified = gmdate("D d M Y H:i:s", time()); header("Last-Modified: $LastModified GMT"); header("ETag: \"$LastModified\""); download_file($file,'-','application/octet-stream'); rgboard <=4.2.0 暂无 sebug.net