Created
February 13, 2014 03:19
-
-
Save anonymous/8969165 to your computer and use it in GitHub Desktop.
CVE-2012-2627 not really fixed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE-2012-2627 wasn't actually fixed it seems. The reason this script fails is because /home/plixer/scrutinizer/snmp/mibs doesn' exist. | |
| [root@fdsafdsafdsa d4d]# ls | |
| alarms.php class.stopwatch.php config.inc.php contextMenu.php dashboards.php database.inc.php exporters.php logalot.php login.php mapping.php reportDesigner.php security.inc.php settings.php statusFilter.php uploader.php | |
| [root@fdsafdsafdsa d4d]# cat uploader.php | |
| <?php | |
| ini_set('display_errors',1); | |
| error_reporting(E_ALL); | |
| // Find the ini file | |
| if (PHP_OS == 'Linux') { | |
| $conf_file = '/etc/plixer.ini'; | |
| }else{ | |
| $path_systemroot = getenv('SYSTEMROOT'); | |
| $path_windir = getenv('WINDIR'); | |
| $path_home = getenv('HOME'); | |
| $conf_file = ''; | |
| if (file_exists($path_systemroot . "\\plixer.ini")) { | |
| $conf_file = $path_systemroot . "\\plixer.ini"; | |
| }else if (file_exists($path_windir . "\\plixer.ini")) { | |
| $conf_file = $path_windir . "\\plixer.ini"; | |
| }else if (file_exists($path_home . "\\plixer.ini")) { | |
| $conf_file = $path_home . "\\plixer.ini"; | |
| }else{ | |
| $conf_file = "plixer.ini"; | |
| } | |
| } | |
| // Parse plixer.ini file | |
| $ini = parse_ini_file($conf_file, true, INI_SCANNER_RAW); | |
| #print_r($ini); | |
| $home_dir = $ini['client']['homedir']; | |
| $results = array(); | |
| $results["home_dir"] = $home_dir; | |
| $target_path = $home_dir . "/snmp/mibs/"; | |
| $rEFileTypes = "/^\.(mib|txt){1}$/i"; | |
| $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); | |
| if(preg_match($rEFileTypes, strrchr($_FILES['uploadedfile']['name'], '.'))){ | |
| if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { | |
| echo "The file ". basename( $_FILES['uploadedfile']['name']). | |
| " has been uploaded"; | |
| $results["success"] = 1; | |
| $results["file_name"] = basename($_FILES['uploadedfile']['name']); | |
| } else{ | |
| echo "There was an error uploading the file, please try again!"; | |
| $results["fail"] = 1; | |
| } | |
| }else{ | |
| echo "womp womp"; | |
| $results["fail"] = 1; | |
| } | |
| echo json_encode($results); | |
| ?> | |
| [root@fdsafdsafdsa d4d]# uname -a | |
| Linux fdsafdsafdsa 2.6.32-358.11.1.el6.x86_64 #1 SMP Wed Jun 12 03:34:52 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux | |
| [root@fdsafdsafdsa d4d]# date | |
| Wed Feb 12 22:17:40 EST 2014 | |
| [root@fdsafdsafdsa d4d]# pwd | |
| /home/plixer/scrutinizer/html/d4d | |
| [root@fdsafdsafdsa d4d]# |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment