### Brief description:
Will the vendor show up?
### Details:
wap/detail.php (there are several other places as well; please take note of them when fixing)
```php
if (!empty($_GET['mod'])) {
    $strModuleID = strval($_GET['mod']); // not filtered here
    include_once('../'.$strModuleID.'/config/var.inc.php'); // the include path would need to be truncated
    $objWebInit->setDBG($arrGPdoDB);
    $objWebInit->db();
    $arrLink[] = 'mod=' . $strModuleID;
} else {
    include_once('include/title.php');
    include_once('include/head.php');
    $myText = new HAW_text($arrGWeb['name'].'欢迎您!');
    $objHaw->add_text($myText);
    include_once('include/foot.php');
    exit;
}
```
The portal edition also offers member registration and has an image upload point, so an image containing a webshell can be uploaded and then included through this path to get a shell.
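For the fix, the `mod` parameter has to be reduced to a known module name before it reaches `include_once`. The following is an added example of a hardened replacement for the block above; it is not code from the original report or from the vendor's project. It assumes that modules live in sibling directories of `wap/` and each has a `config/var.inc.php`, and the `MODULE_BASE` constant, the `$allowedModules` list and the `safeModuleId()` helper are hypothetical names chosen for illustration.

```php
<?php
// Added example (not from the original report or the vendor's code):
// hardened module selection for wap/detail.php.
// Assumption: module directories are siblings of the wap/ directory.
define('MODULE_BASE', realpath(__DIR__ . '/..'));

// Allowlist of module directory names that may ever be included.
// Hypothetical values; a real deployment would derive this from the
// installed modules rather than trusting anything found on disk.
$allowedModules = array('article', 'product', 'member');

/**
 * Return the validated module id, or null if the input must be rejected.
 *
 * Three independent checks, so a single bypass is not enough:
 *  1. the value must be a short plain identifier (no '/', '.', or NUL bytes,
 *     which rules out traversal and null-byte truncation outright);
 *  2. it must be on the allowlist;
 *  3. the resolved config file must still sit under MODULE_BASE.
 */
function safeModuleId($raw, array $allowed)
{
    if (!is_string($raw)) {
        return null;
    }
    if (!preg_match('/^[A-Za-z0-9_]{1,32}$/', $raw)) {
        return null;
    }
    if (!in_array($raw, $allowed, true)) {
        return null;
    }
    $config = realpath(MODULE_BASE . '/' . $raw . '/config/var.inc.php');
    if ($config === false
        || strpos($config, MODULE_BASE . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $raw;
}

if (!empty($_GET['mod'])) {
    $strModuleID = safeModuleId($_GET['mod'], $allowedModules);
    if ($strModuleID === null) {
        // Fail closed: log the rejection without echoing the raw input back.
        error_log('wap/detail.php: rejected mod parameter');
        header('HTTP/1.1 400 Bad Request');
        exit;
    }
    // Only an allowlisted, on-disk module name reaches the include now.
    include_once(MODULE_BASE . '/' . $strModuleID . '/config/var.inc.php');
    // $objWebInit and $arrGPdoDB are set up by the application's own
    // bootstrap, as in the original file.
    $objWebInit->setDBG($arrGPdoDB);
    $objWebInit->db();
    $arrLink[] = 'mod=' . $strModuleID;
}
```

The same helper should be reused at the other include sites the report mentions, since the report notes the pattern appears in several files. The upload side deserves its own check as well: the include path fix stops a traversal into the uploads directory, but stored images should still be re-encoded or served from a location where PHP is not executed.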
### Proof of vulnerability:
[![ggg.png](https://images.seebug.org/upload/201401/241604183ccb186bc69b71aa358d9dce46c24603.png)](https://images.seebug.org/upload/201401/241604183ccb186bc69b71aa358d9dce46c24603.png)