Тема: Заливка шелла или LFI
Показать сообщение отдельно

  #22  
Старый 25.04.2016, 02:13
zifus
Guest
Сообщений: n/a
Провел на форуме:
17650

Репутация: 0
По умолчанию
Подскажите LFI здесь может быть? А то я его не очень еще понимаю.

.SpoilerTarget" type="button">Spoiler: Код

PHP код:
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]location.href='/';"[/COLOR][COLOR="#007700"]);
}
[/COLOR][COLOR="#0000BB"]$page[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'ppage'[/COLOR][COLOR="#007700"]];
if ( !isset([/COLOR][COLOR="#0000BB"]$page[/COLOR][COLOR="#007700"]) ||[/COLOR][COLOR="#0000BB"]$page[/COLOR][COLOR="#007700"]==[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$page[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"index"[/COLOR][COLOR="#007700"];
}
[/COLOR][COLOR="#0000BB"]$page_filter[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]preg_match[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"/^[A-Za-z0-9_=]{2,20}\$/"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$page[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$header[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]file_get_contents[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]TEMPLATE_DIR[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"/header.tpl"[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$news[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]intval[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'news'[/COLOR][COLOR="#007700"]] );
[/COLOR][COLOR="#0000BB"]$news_query[/COLOR][COLOR="#007700"]= @[/COLOR][COLOR="#0000BB"]mysql_fetch_array[/COLOR][COLOR="#007700"]( @[/COLOR][COLOR="#0000BB"]mysql_query[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"SELECT date,title,full_story,descr,keywords FROM casino_news WHERE id='[/COLOR][COLOR="#007700"]{[/COLOR][COLOR="#0000BB"]$news[/COLOR][COLOR="#007700"]}[/COLOR][COLOR="#DD0000"]' LIMIT 1"[/COLOR][COLOR="#007700"]) );
if ([/COLOR][COLOR="#0000BB"]$news_query[/COLOR][COLOR="#007700"]!=[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"]&&[/COLOR][COLOR="#0000BB"]$page[/COLOR][COLOR="#007700"]==[/COLOR][COLOR="#DD0000"]"news"[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$header[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]str_replace[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"{title}"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$news_query[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'title'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#0000BB"]$header[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$header[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]str_replace[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"{description}"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$news_query[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'descr'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#0000BB"]$header[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$header[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]str_replace[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"{keywords}"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$news_query[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'keywords'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#0000BB"]$header[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$header[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]str_replace[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"{theme}"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"/templates/"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$template[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"/"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'language'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#0000BB"]$header[/COLOR][COLOR="#007700"]);
 echo[/COLOR][COLOR="#0000BB"]$header[/COLOR][COLOR="#007700"];
}
else
{
 require_once([/COLOR][COLOR="#0000BB"]ENGINE_DIR[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"config/title.php"[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$header[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]str_replace[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"{title}"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$title[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$header[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$header[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]str_replace[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"{description}"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$title[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$header[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$header[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]str_replace[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"{keywords}"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$title[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$header[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$header[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]str_replace[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"{theme}"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"/templates/"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$template[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"/"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'language'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#0000BB"]$header[/COLOR][COLOR="#007700"]);
 echo[/COLOR][COLOR="#0000BB"]$header[/COLOR][COLOR="#007700"];
}
if ([/COLOR][COLOR="#0000BB"]$page_filter[/COLOR][COLOR="#007700"]==[/COLOR][COLOR="#0000BB"]true[/COLOR][COLOR="#007700"])
{
[/COLOR][COLOR="#0000BB"]$inc[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]ENGINE_DIR[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"/templates/page."[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$page[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]".php"[/COLOR][COLOR="#007700"];
 if ([/COLOR][COLOR="#0000BB"]file_exists[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$inc[/COLOR][COLOR="#007700"]) )
 {
 if ([/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'login'[/COLOR][COLOR="#007700"]] !=[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"])
 {
[/COLOR][COLOR="#0000BB"]$id_session[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"CASINOSOFT"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$_SERVER[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'HTTP_USER_AGENT'[/COLOR][COLOR="#007700"]].[/COLOR][COLOR="#0000BB"]$_SERVER[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'HTTP_ACCEPT_CHARSET'[/COLOR][COLOR="#007700"]];
[/COLOR][COLOR="#0000BB"]$id_session[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]md5[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$id_session[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]session_id[/COLOR][COLOR="#007700"]( ) );
 if ([/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'sid'[/COLOR][COLOR="#007700"]] ==[/COLOR][COLOR="#0000BB"]$id_session[/COLOR][COLOR="#007700"])
 {
[/COLOR][COLOR="#0000BB"]$user_status_query[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]mysql_fetch_array[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]mysql_query[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"select status from clients where login='"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'login'[/COLOR][COLOR="#007700"]].[/COLOR][COLOR="#DD0000"]"'"[/COLOR][COLOR="#007700"]) );
 if ([/COLOR][COLOR="#0000BB"]$user_status_query[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'status'[/COLOR][COLOR="#007700"]] !=[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"])
 {
 include_once([/COLOR][COLOR="#0000BB"]ENGINE_DIR[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"/templates/header_nomain.php"[/COLOR][COLOR="#007700"]);
 include_once([/COLOR][COLOR="#0000BB"]ENGINE_DIR[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"/templates/page."[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$page[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]".php"[/COLOR][COLOR="#007700"]);
 include_once([/COLOR][COLOR="#0000BB"]ENGINE_DIR[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"/templates/footer_nomain.php"[/COLOR][COLOR="#007700"]);
 }
 else
{
 include_once([/COLOR][COLOR="#0000BB"]ROOT_DIR[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"/templates/block.php"[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]session_destroy[/COLOR][COLOR="#007700"]( );
 exit( );
 }
 }
 else
{
[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'sid'[/COLOR][COLOR="#007700"]] =[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$_SESSION[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'login'[/COLOR][COLOR="#007700"]] =[/COLOR][COLOR="#DD0000"]""[/COLOR][COLOR="#007700"];
 if ([/COLOR][COLOR="#0000BB"]DEBUG[/COLOR][COLOR="#007700"])
 {
 echo[/COLOR][COLOR="#DD0000"]"Сессия после входа изменена location.href=\"/\";"[/COLOR][COLOR="#007700"];
 }
 }
 }
 else
{
 include_once([/COLOR][COLOR="#0000BB"]ENGINE_DIR[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"/templates/header_nomain.php"[/COLOR][COLOR="#007700"]);
 include_once([/COLOR][COLOR="#0000BB"]ENGINE_DIR[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"/templates/page."[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$page[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]".php"[/COLOR][COLOR="#007700"]);
 include_once([/COLOR][COLOR="#0000BB"]ENGINE_DIR[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"/templates/footer_nomain.php"[/COLOR][COLOR="#007700"]);
 }
 }
 else
{
 include_once([/COLOR][COLOR="#0000BB"]ROOT_DIR[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"/templates/404.php"[/COLOR][COLOR="#007700"]);
 exit( );
 }
}
else
{
 include_once([/COLOR][COLOR="#0000BB"]ROOT_DIR[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"/templates/404.php"[/COLOR][COLOR="#007700"]);
 exit( );
}
[/COLOR][COLOR="#0000BB"]$footer[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]file_get_contents[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]TEMPLATE_DIR[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"/footer.tpl"[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$footer[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]str_replace[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"{THEME}"[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]"/templates/"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$template[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"/"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$language[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$footer[/COLOR][COLOR="#007700"]);
echo[/COLOR][COLOR="#0000BB"]$footer[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]?>
[/COLOR][/COLOR] 
 
Ответить с цитированием