一个美国佬跟我说的,大家千万小心。FireFox进来看看
Jim Merrigan: somebody uploaded this file on your server... as_long_as_you_love_me.wmv
Jim Merrigan: /~yoursite/uploadfile/mtv/as_long_as_you_love_me.wmv
Jim Merrigan: Then he was able to run shell command like following :
Jim Merrigan: sh -c /usr/local/cpanel/bin/logrunner 1.0 /usr/local/cpanel/3rdparty/bin/analog +C\"IMAGEDIR /images/\" +C\"DOMAINSFILE
/usr/local/cpanel/3rdparty/share/analog/lang/ukdom.tab\" +C\"CHARTDIR ./\" +C\"ALLCHART ON\" +C\"LANGUAGE US-ENGLISH\" +C\"LANGFILE
/usr/local/cpanel/3rdparty/share/analog/lang/us.lng\" +C\"OUTFILE /home/yoursite/tmp/analog/4.html\" +C\"LOCALCHARTDIR
/home/yoursite/tmp/analog/\" +C\"CACHEOUTFILE /home/yoursite/tmp/analog/cache.out\" +C\"CACHEFILE /home/yoursite/tmp/analog/cache\" +C\"VHOST ON\"
+C\"OSREP ON\" +C\"BROWSER ON\" +C\"FULLBROWSER ON\" +C\"REDIRREF ON\" +C\"REFSITE ON\" +C\"FAILREF ON\" +C\"LogFormat COMBINED\" +C\"HOSTNAME
yoursitebs.com\" +C\"HOSTURL http://yoursitebs.com/\" /usr/local/apache/domlogs/yoursitebs.com 2>&1