
CKFINDER File Inclusion

Author: JoKeR_StEx , Published: 26-10-2013
Exploit Title : CKFINDER File Inclusion
Author : JoKeR_StEx
Software link : http://cksource.com/ckfinder/download

The Bug:

***********************************************************************************************************
class CKFinder_Connector_Utils_Misc
{
    public static function getErrorMessage($number, $arg = "") {
        $langCode = 'en';
        // langCode is taken directly from the query string
        if (!empty($_GET['langCode']) && preg_match("/^[a-z\-]+$/", $_GET['langCode'])) {
            if (file_exists(CKFINDER_CONNECTOR_LANG_PATH . "/" . $_GET['langCode'] . ".php"))
                $langCode = $_GET['langCode'];
        }
        // the selected language file is pulled in with include, i.e. executed as PHP
        include CKFINDER_CONNECTOR_LANG_PATH . "/" . $langCode . ".php";
        if ($number) {
            if (!empty ($GLOBALS['CKFLang']['Errors'][$number])) {
                $errorMessage = str_replace("%1", $arg, $GLOBALS['CKFLang']['Errors'][$number]);
            } else {
                $errorMessage = str_replace("%1", $number, $GLOBALS['CKFLang']['ErrorUnknown']);
            }
        } else {
            $errorMessage = "";
        }
        return $errorMessage;
    }
}
***********************************************************************************************************
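
A hardened variant of the language-file lookup shown above, as an added example that is not CKFinder's code and not from the advisory's author: the requested code is only used as a key into a list of files found on disk, so request data never becomes part of the include path. The function name resolveLangFile, the language-code pattern and the temporary directory standing in for CKFINDER_CONNECTOR_LANG_PATH are assumptions.

```php
<?php
// Added example: resolveLangFile() is a hypothetical helper, not part of CKFinder.

function resolveLangFile(string $langDir, $requested, string $default = 'en'): string
{
    // Build the allowlist from the files that actually exist in the language directory.
    $allowed = [];
    foreach (glob($langDir . '/*.php') ?: [] as $path) {
        $code = basename($path, '.php');
        // \A...\z anchors the whole string; unlike ^...$ it does not accept a trailing newline.
        if (preg_match('/\A[a-z]+(?:-[a-z]+)*\z/', $code) === 1) {
            $allowed[$code] = $path;
        }
    }
    if (!isset($allowed[$default])) {
        throw new RuntimeException('default language file is missing');
    }
    // Key lookup only: the request value is never concatenated into a path.
    // is_string() also rejects array input such as langCode[]=x.
    if (is_string($requested) && isset($allowed[$requested])) {
        return $allowed[$requested];
    }
    return $allowed[$default];
}

// Constructed demo: a temporary directory stands in for CKFINDER_CONNECTOR_LANG_PATH.
$dir = sys_get_temp_dir() . '/ckf_lang_' . bin2hex(random_bytes(4));
mkdir($dir);
foreach (['en', 'pl'] as $code) {
    file_put_contents("$dir/$code.php", "<?php \$GLOBALS['CKFLang'] = ['ErrorUnknown' => '$code: %1'];");
}

// Constructed inputs: a valid code, a trailing newline, an unknown code, an array, no value.
foreach (['pl', "pl\n", 'xx', ['pl'], null] as $input) {
    echo json_encode($input), ' => ', basename(resolveLangFile($dir, $input)), "\n";
}

// Clean up the constructed files.
array_map('unlink', glob("$dir/*.php"));
rmdir($dir);
```

In the connector, the returned path would be passed to include in place of the concatenated string.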

Gr33t'z TO : The Black Devils , Team Dz S.O.S & All Algerians Hackers and Pentesters :)
