Author: hiphop
Remote inclusion (Remote File Inclusion)
The simplest example is as follows:
Obviously, the included variable is $ spaw_root.
No restrictions are imposed on remote inclusion to lock the directory...
Attackers can directly include a webshell to launch the attack.
Generally, you can use regular expression for table filtering or basename for variables.
<? Php
// ================================================ ============
// Spaw php wysiwyg editor control
// ================================================ ============
// Main control class
// ================================================ ============
// Developed: Alan Mendelevich, alan@solmetra.lt
// Copyright: Solmetra (c) 2003 All rights reserved.
//------------------------------------------------
// Www.solmetra.com
// ================================================ ============
// V.1.0, 2003-03-25
// ================================================ ============
Include $ spaw_root.config/spaw_control.config.php;
Include $ spaw_root.class/toolbars. class. php;
Include $ spaw_root.class/lang. class. php;
// Instance counter (static)
$ Spaw_wysiwyg_instCount = 0;
Class SPAW_Wysiwyg {
// Controls name
Var $ control_name;
// Value
Var $ value;
// Holds control toolbar mode.
Var $ mode;
// Editor dimensions;
Var $ height;
Var $ width;
// Language object
Var $ lang;
// Theme (skin)
Var $ theme;
// Editor stylesheet
Var $ css_stylesheet;
// Toolbar dropdown data
Var $ dropdown_data;
// Toolbars
Var $ toolbars;
// Constructor
Function SPAW_Wysiwyg ($ control_name = richeditor, $ value =, $ lang =, $ mode =,
$ Theme =, $ width = 100%, $ height = 300px, $ css_stylesheet =, $ dropdown_data =)
{
Global $ spaw_dir;
Global $ spaw_wysiwyg_instCount;
Global $ spaw_default_theme;
Global $ spaw_default_css_stylesheet;
$ Spaw_wysiwyg_instCount ++;
$ This-> control_name = $ control_name;
$ This-> value = $ value;
$ This-> width = $ width;
$ This-> height = $ height;
If ($ css_stylesheet =)
{
$ This-> css_stylesheet = $ spaw_default_css_stylesheet;
}
Else
{
$ This-> css_stylesheet = $ css_stylesheet;
}
$ This-> getLang ($ lang );
If ($ theme =)
{
$ This-> theme = $ spaw_default_theme;
}
Else
{
$ This-> theme = $ theme;
}
$ This-> mode = $ mode;
$ This-> dropdown_data = $ dropdown_data;
$ This-> getToolbar ();
}
// Sets _ mode variable and fills toolbar items array
Function setMode ($ value ){
$ This-> mode = $ value;
}
// Returns _ mode value
Function getMode (){
Return ($ this-> mode );
}
// Set value/get value
Function setValue ($ value ){
$ This-> value = $ value;
}
Function getValue (){
Return ($ this-> value );
}
// Set height/get height
Function setHeight ($ value ){
$ This-> height = $ value;
}
Function getHeight (){
Return ($ this-> height );
}
// Set/get width
Function setWidth ($ value ){
$ This-> width = $ value;
}
Function getWidth (){
Return ($ this-> width );
}
// Set/get css_stylesheet
Function setCssStyleSheet ($ value ){
$ This-> css_stylesheet = $ value;
}
Function getCssStyleSheet (){
Return ($ this-> css_stylesheet );
}
// Outputs css and javascript code include
Function getCssScript ($ inline = false)
{
// Static method... use only once per page
Global $ spaw_dir;
Global $ spaw_inline_js;
Global $ spaw_root;
Global $ spaw_active_toolbar;
If ($ spaw_inline_js)
{
// Inline javascript
Echo "<script language = JavaScript> ";
Echo "<! --";
Echo "var spaw_active_toolbar =". ($ spaw_active_toolbar? "True": "false ").";";
Include ($ spaw_root.class/script. js. php );
Echo "// --> ";
Echo "</script> ";
}
Else
{
// External javascript
Echo "<script language = JavaScript> ";
Echo "<! --";
Echo "var spaw_active_toolbar =". ($ spaw_active_toolbar? "True": "false ").";";
Echo "// --> ";
Echo "</script> ";
Echo <script language = "JavaScript" src = ". $ spaw_dir.spaw_script.js.php"> </script> ."";
}
}
// Checks browser compatibility with the control
Function checkBrowser ()
{
Global $ HTTP_SERVER_VARS;
$ Browser = $ HTTP_SERVER_VARS [HTTP_USER_AGENT];
// Check if msie
If (eregi ("MSIE [^;] *", $ browser, $ msie ))
{
// Get version
If (eregi ("[0-9] +. [0-9] +", $ msie [0], $ version ))
{
// Check version
If (float) $ version [0] >= 5.5)
{
// Finally check if its not opera impersonating ie
If (! Eregi ("opera", $ browser ))
{
Return true;
}
}
}
}
Return false;
}
// Load language data
Function getLang ($ lang =)