CKFINDER File Inclusion

2013-10-24 20:02:14
Submitted by: JoKeR_StEx

Exploit Title : CKFINDER File Inclusion
Author : JoKeR_StEx
Software link : http://cksource.com/ckfinder/download


//
class CKFinder_Connector_Utils_Misc
{
    public static function getErrorMessage($number, $arg = "") {
        $langCode = 'en';
        // langCode is taken from the query string; it replaces the default only
        // if it matches [a-z-]+ and the corresponding language file exists.
        if (!empty($_GET['langCode']) && preg_match("/^[a-z\-]+$/", $_GET['langCode'])) {
            if (file_exists(CKFINDER_CONNECTOR_LANG_PATH . "/" . $_GET['langCode'] . ".php"))
                $langCode = $_GET['langCode'];
        }
        // The selected code is concatenated into the path passed to include.
        include CKFINDER_CONNECTOR_LANG_PATH . "/" . $langCode . ".php";
        if ($number) {
            if (!empty ($GLOBALS['CKFLang']['Errors'][$number])) {
                $errorMessage = str_replace("%1", $arg, $GLOBALS['CKFLang']['Errors'][$number]);
            } else {
                $errorMessage = str_replace("%1", $number, $GLOBALS['CKFLang']['ErrorUnknown']);
            }
        } else {
            $errorMessage = "";
        }
        return $errorMessage;
    }
}
//
Gr33t'z TO : The Black Devils , Team Dz S.O.S & All Algerians Hackers and Pentesters :)
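
The snippet above builds the path given to include from $_GET['langCode']. The following is an added example (not CKFinder's code and not the author's) of choosing the language file by lookup in an allowlist built from the directory contents, so that request data never becomes part of the included path; resolveLangFile(), the one-file-per-language layout, the 16-character cap and the demo files are assumptions.

```php
<?php
// Added example, not CKFinder code. resolveLangFile() and the layout
// (one "<code>.php" file per language in $langDir) are assumptions.

function resolveLangFile(string $langDir, $requested, string $default = 'en'): string
{
    $base = realpath($langDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('language directory not found');
    }

    // Allowlist: language code => absolute path, built from files on disk.
    $available = [];
    foreach (scandir($base) as $name) {
        if (substr($name, -4) === '.php' && is_file($base . DIRECTORY_SEPARATOR . $name)) {
            $available[substr($name, 0, -4)] = $base . DIRECTORY_SEPARATOR . $name;
        }
    }
    if (!isset($available[$default])) {
        throw new RuntimeException('default language file missing');
    }

    // Non-strings (e.g. ?langCode[]=x) fall back to the default.
    // \z matches only at the very end of the string; $ would also match
    // before a trailing newline. The length cap of 16 is an arbitrary choice.
    if (!is_string($requested) || !preg_match('/\A[a-z-]{1,16}\z/', $requested)) {
        return $available[$default];
    }

    // The request value is used only as a lookup key; the path handed to
    // include always comes from the allowlist.
    return $available[$requested] ?? $available[$default];
}

// Constructed demo: a throwaway directory holding two language files.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lang_demo_' . getmypid();
if (!is_dir($dir)) {
    mkdir($dir);
}
file_put_contents($dir . '/en.php', '<?php $GLOBALS["CKFLang"] = [];');
file_put_contents($dir . '/pt-br.php', '<?php $GLOBALS["CKFLang"] = [];');

// Constructed inputs: a valid code, a trailing newline, a traversal
// attempt, an array, and a well-formed code with no file behind it.
foreach (['pt-br', "en\n", '../en', ['x'], 'zz'] as $input) {
    echo json_encode($input), ' => ', basename(resolveLangFile($dir, $input)), PHP_EOL;
}
```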

Fixes

No fixes