如何通过传递地址栏中的参数来调用它?
代码:
<?php
/**
* Generate the list of pages, linking to each
*
* @param integer $boardpage Current board page
* @param integer $pages Number of pages
* @param string $board Board directory
* @return string Generated page list
*/
/* <3 coda for this wonderful snippet
print $contents to $filename by using a temporary file and renaming it */
function print_page($filename, $contents, $board) {
global $tc_db;
$tempfile = tempnam(KU_BOARDSDIR . $board . '/res', 'tmp'); /* Create the temporary file */
$fp = fopen($tempfile, 'w');
fwrite($fp, $contents);
fclose($fp);
/* If we aren't able to use the rename function, try the alternate method */
if (!@rename($tempfile, $filename)) {
copy($tempfile, $filename);
unlink($tempfile);
}
chmod($filename, 0664); /* it was created 0600 */
}
?>
这是我试过的:
http://example.com/inc/func/pages.php?action=print_page& $文件名%27lel.php&安培; $内容=%27asdasd%27安培; $板= B
但显然无法调用该方法。想法? 我实际上并没有试图为了我自己的任何目的而打电话。有人在我的网站上使用RCE来上传shell并破坏它。这是我用grep找到的唯一易受攻击的方法。所有执行和系统方法都是清洗和安全的。其他想法?
答案 0 :(得分:0)
确保使用
调用该函数print_page($_REQUEST['filename'], $_REQUEST['contents'], $_REQUEST['board'])