source: https://www.securityfocus.com/bid/38126/info
Huski CMS is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting this issue may allow an attacker to compromise the application and the computer; other attacks are also possible.
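<?php
/**
 * Front controller: loads the libraries and configuration, builds the Site
 * and Page objects from the current request, and prints the rendered page.
 *
 * Security review notes:
 *  - $_GET['id'] and the merged $_POST/$_GET array are handed to Page with no
 *    validation in this file. The advisory for this application attributes a
 *    local file-include to unsanitized user-supplied data. The code that turns
 *    request data into a file path is not visible here (presumably inside Page
 *    or its plugin loader -- confirm), so the fix belongs at that sink: resolve
 *    the requested identifier through an allow-list of known pages/plugins
 *    rather than building an include path from it.
 *  - For detection, request parameters carrying directory-traversal sequences
 *    or encoded NUL bytes in the web server logs are the usual sign of
 *    attempts against this class of bug.
 */

header('Content-Type: text/html; charset=utf-8');

// Data Includes
include_once "PHPLib/db_mysql.inc";
include_once "Data/dbConnection.class.php";
include_once "Data/dbConfig.class.php";
include_once "Data/dataAdapter.class.php";
include_once "Quicksite/Core/domxml.class.php";

// Quicksite Core Includes
include_once "Quicksite/Core/all.inc.php";

// Configuration
include_once "Quicksite/db.config.php";
include_once "inc/vars.config.php";

// Initialise the Site
// $_VARS is not defined in this file; presumably inc/vars.config.php sets it -- confirm.
$site = new Site($_VARS['site']);

// A leftover debug dump, print_r($_SESSION['login']), used to sit here. It wrote
// session login data into every response ahead of the page, so it is removed.

// Initialise the Page
// Read the identifier without raising an undefined-index notice when the
// request has no "id"; the value passed on in that case (null) is unchanged.
$pageId = isset($_GET['id']) ? $_GET['id'] : null;

// NOTE(review): $pageId and the merged request array are still attacker-controlled
// at this point. Once the legitimate id format is confirmed, validate it here
// against that format as defence in depth, in addition to fixing the sink.
$page = new Page($site, $pageId, array_merge($_POST, $_GET));

// Load plugin sources
$page->loadPluginSources();

// Create the Page
$page->createPage();

echo $page->Result;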