ANTICHAT - [Обзор Уязвимости DokuWiki]

в общем еще идея есть

повышение прав через редактирование своего профиля.

регистрируем аккаунт.

переходим в мой профиль.

----------------------------

Логин [tester] Полное имя [вот тут тестить]

Эл. адрес [мыльцо@муйл.ру]

----------------------------

Пользователи сохраняются в файл: users.auth.php

.SpoilerTarget" type="button">Spoiler: users.auth.php

PHP код:


		
			
[COLOR="#000000"]# users.auth.php
# [COLOR="#0000BB"]
[/COLOR]# Don't modify the lines above
#
# Userfile
#
# Format:
#
# login:passwordhash:Real Name:email:groups,comma,seperated

tzwtf:$1$JikdmqPD$z4eF2afPNoDcehT7xyeGd1:Sanya:admin@123.ru:admin,user
hui_r_n:$1$dQ8LHk6m$8IWlBUSZui49eujJSh8dt.:\r\n:123@mail.com:user
hui1_r_n:$1$kTqC7Mpq$s3ttMw/BDJGSRgytHUdvW0:123:nuce@ask-mail.com:user
tester:$1$iNHra1Rq$CwCdDlmb9J2QSLTtWIOnZ.:fullname:ggwp@m131.ru:com:user
[/COLOR]

.SpoilerTarget" type="button">Spoiler: Обновление профиля (редактирование)

PHP код:


		
			
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#FF8000"]/**
 * Обновление профиля (редактирование)
 * Print the update profile form
 * 
 * @author Christopher Smith 
 * @author Andreas Gohr 
 */
[/COLOR][COLOR="#007700"]function[/COLOR][COLOR="#0000BB"]html_updateprofile[/COLOR][COLOR="#007700"](){
    global[/COLOR][COLOR="#0000BB"]$lang[/COLOR][COLOR="#007700"];
    global[/COLOR][COLOR="#0000BB"]$conf[/COLOR][COLOR="#007700"];
    global[/COLOR][COLOR="#0000BB"]$INPUT[/COLOR][COLOR="#007700"];
    global[/COLOR][COLOR="#0000BB"]$INFO[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#FF8000"]/** @var auth_basic $auth */
[/COLOR][COLOR="#007700"]global[/COLOR][COLOR="#0000BB"]$auth[/COLOR][COLOR="#007700"];

    print[/COLOR][COLOR="#0000BB"]p_locale_xhtml[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'updateprofile'[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]$fullname[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$INPUT[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]post[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]str[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'fullname'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$INFO[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'userinfo'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'name'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#0000BB"]true[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$email[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$INPUT[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]post[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]str[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'email'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$INFO[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'userinfo'[/COLOR][COLOR="#007700"]][[/COLOR][COLOR="#DD0000"]'mail'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#0000BB"]true[/COLOR][COLOR="#007700"]);
    print[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]NL[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$form[/COLOR][COLOR="#007700"]= new[/COLOR][COLOR="#0000BB"]Doku_Form[/COLOR][COLOR="#007700"](array([/COLOR][COLOR="#DD0000"]'id'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#DD0000"]'dw__register'[/COLOR][COLOR="#007700"]));
[/COLOR][COLOR="#0000BB"]$form[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]startFieldset[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$lang[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'profile'[/COLOR][COLOR="#007700"]]);
[/COLOR][COLOR="#0000BB"]$form[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]addHidden[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'do'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'profile'[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$form[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]addHidden[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'save'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'1'[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$form[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]addElement[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]form_makeTextField[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'login'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$_SERVER[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'REMOTE_USER'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#0000BB"]$lang[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'user'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'block'[/COLOR][COLOR="#007700"], array([/COLOR][COLOR="#DD0000"]'size'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#DD0000"]'50'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'disabled'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#DD0000"]'disabled'[/COLOR][COLOR="#007700"])));
[/COLOR][COLOR="#0000BB"]$attr[/COLOR][COLOR="#007700"]= array([/COLOR][COLOR="#DD0000"]'size'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#DD0000"]'50'[/COLOR][COLOR="#007700"]);
    if (![/COLOR][COLOR="#0000BB"]$auth[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]canDo[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'modName'[/COLOR][COLOR="#007700"]))[/COLOR][COLOR="#0000BB"]$attr[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'disabled'[/COLOR][COLOR="#007700"]] =[/COLOR][COLOR="#DD0000"]'disabled'[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$form[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]addElement[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]form_makeTextField[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'fullname'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$fullname[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$lang[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'fullname'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'block'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$attr[/COLOR][COLOR="#007700"]));
[/COLOR][COLOR="#0000BB"]$attr[/COLOR][COLOR="#007700"]= array([/COLOR][COLOR="#DD0000"]'size'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#DD0000"]'50'[/COLOR][COLOR="#007700"]);
    if (![/COLOR][COLOR="#0000BB"]$auth[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]canDo[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'modMail'[/COLOR][COLOR="#007700"]))[/COLOR][COLOR="#0000BB"]$attr[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'disabled'[/COLOR][COLOR="#007700"]] =[/COLOR][COLOR="#DD0000"]'disabled'[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$form[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]addElement[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]form_makeTextField[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'email'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$email[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$lang[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'email'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'block'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$attr[/COLOR][COLOR="#007700"]));
[/COLOR][COLOR="#0000BB"]$form[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]addElement[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]form_makeTag[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'br'[/COLOR][COLOR="#007700"]));
    if ([/COLOR][COLOR="#0000BB"]$auth[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]canDo[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'modPass'[/COLOR][COLOR="#007700"])) {
[/COLOR][COLOR="#0000BB"]$form[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]addElement[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]form_makePasswordField[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'newpass'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$lang[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'newpass'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'block'[/COLOR][COLOR="#007700"], array([/COLOR][COLOR="#DD0000"]'size'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#DD0000"]'50'[/COLOR][COLOR="#007700"])));
[/COLOR][COLOR="#0000BB"]$form[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]addElement[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]form_makePasswordField[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'passchk'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$lang[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'passchk'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'block'[/COLOR][COLOR="#007700"], array([/COLOR][COLOR="#DD0000"]'size'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#DD0000"]'50'[/COLOR][COLOR="#007700"])));
    }
    if ([/COLOR][COLOR="#0000BB"]$conf[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'profileconfirm'[/COLOR][COLOR="#007700"]]) {
[/COLOR][COLOR="#0000BB"]$form[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]addElement[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]form_makeTag[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'br'[/COLOR][COLOR="#007700"]));
[/COLOR][COLOR="#0000BB"]$form[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]addElement[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]form_makePasswordField[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'oldpass'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$lang[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'oldpass'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'block'[/COLOR][COLOR="#007700"], array([/COLOR][COLOR="#DD0000"]'size'[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#DD0000"]'50'[/COLOR][COLOR="#007700"])));
    }
[/COLOR][COLOR="#0000BB"]$form[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]addElement[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]form_makeButton[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'submit'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$lang[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'btn_save'[/COLOR][COLOR="#007700"]]));
[/COLOR][COLOR="#0000BB"]$form[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]addElement[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]form_makeButton[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'reset'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$lang[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'btn_reset'[/COLOR][COLOR="#007700"]]));
[/COLOR][COLOR="#0000BB"]$form[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]endFieldset[/COLOR][COLOR="#007700"]();
[/COLOR][COLOR="#0000BB"]html_form[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'updateprofile'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]$form[/COLOR][COLOR="#007700"]);
    print[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]NL[/COLOR][COLOR="#007700"];
}[/COLOR][/COLOR]

идея сделать вот так, только от пользователя:

https://i.ibb.co/qskCYHg/photo-2019-02-24-17-59-37.jpg