韩国某编辑器HABYeditor鸡肋漏洞!
摘要:
直接写htm文件,文件名:tmpcontent.htm:直接上传htm文件:文件名:tmpcontent.htm写个htm文件到服务器你们会发现会解析的!编辑器判断方法:editor/historyeditor/licenseeditor/htmlareaeditor/samples/sample_euckr.htmeditor/samples/sample_utf8.htmeditor/filemanager/php/upload.phpeditor/filemanager/php/savecontent.phpeditor/filemanager/php/filemanager_lib.p 阅读全文
posted @ 2013-08-05 21:31 =_=! 阅读(374) 评论(0) 推荐(0) 编辑
