I am trying to patch my PHP-Fusion against a new vulnerability, but I don't understand the vulnerability fully.
Please see here first: http://www.exploit-db.com/exploits/14647/
=================Exploit=================
maincore.php
[php]
// Locate config.php and set the basedir path
$folder_level = ""; $i = 0;
while (!file_exists($folder_level."config.php")) {
    $folder_level .= "../"; $i++;
    if ($i == 5) { die("Config file not found"); }
}
require_once $folder_level."config.php";
define("BASEDIR", $folder_level);
[/php]
----exploit----
http://{localhost}/{path}/maincore.php?folder_level=LFI
I know what a Local File Inclusion is, but how does just setting a GET variable make it into the piece of code that was shown? It doesn't even make use of the GET variable!!
Thanks to anyone clearing this up. I want to patch this, if there is anything to patch!
It's because of the register_globals setting from hell in PHP.
With that enabled, the GET variables are accessible directly by their name, like you see in your code. where
is also
There is a chance it is not set on your server (it really should not) so you are probably not vulnerable to this. But if it is enabled do something about it.
And in your specific case I am pretty sure that this line
At the beginning of your script clears anything that could have been set in the URL.
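
An added example, not part of the original thread and not PHP-Fusion code: `register_globals` was removed in PHP 5.4, so this emulates it with `extract()` on a constructed query string to show why a variable that is assigned before use is unaffected by a request parameter of the same name. The function names are hypothetical and PHP 7+ on the CLI is assumed.

```php
<?php
// Added illustration; not PHP-Fusion code. Assumes PHP 7+ on the CLI.

// Constructed sample request, equivalent to ?folder_level=INJECTED/
parse_str('folder_level=INJECTED/', $request);

// Hypothetical helper: is the directive present and switched on?
// ini_get() returns false when the directive does not exist (PHP >= 5.4).
function register_globals_enabled(): bool
{
    $value = ini_get('register_globals');
    return $value !== false
        && in_array(strtolower((string) $value), ['1', 'on', 'true', 'yes'], true);
}

// Hypothetical helper: returns the prefix that would be placed in front of
// "config.php", with or without the assignment from the maincore.php excerpt.
function resolve_prefix(array $request, bool $initialise): string
{
    // Emulates register_globals=On: request parameters become variables
    // before any script code runs. EXTR_SKIP protects this function's own
    // parameters from being replaced.
    extract($request, EXTR_SKIP);

    if ($initialise) {
        $folder_level = "";   // same assignment as the excerpt's first line
    }
    return isset($folder_level) ? $folder_level : "";
}

$withoutInit = resolve_prefix($request, false);
$withInit    = resolve_prefix($request, true);

printf("register_globals enabled here: %s\n", register_globals_enabled() ? 'yes' : 'no');
printf("prefix without initialisation: '%s'\n", $withoutInit);
printf("prefix with initialisation:    '%s'\n", $withInit);

// A script is only exposed when it reads a variable it never assigned.
if ($withInit !== "") {
    fwrite(STDERR, "unexpected: request value survived initialisation\n");
    exit(1);
}
```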